openbsd
9 years agoAdd pledge support in awk and make awk -safe actually safe.
doug [Sat, 10 Oct 2015 20:04:28 +0000 (20:04 +0000)]
Add pledge support in awk and make awk -safe actually safe.

awk -safe was introduced back in 1997 to stop awk from doing file output,
execute commands or access the environment.  The lexer rejected programs
when it saw awk commands that would write, exec or env.  Beyond that,
it wasn't safe from write/exec/env during program execution.

With pledge "stdio rpath", the kernel is now enforcing the awk -safe
mode restrictions at runtime (other than env).

Based on a diff by deraadt@

ok deraadt@ beck@

9 years agoRather than invoking fork/execve of dc(1) on a pipe, compile in the dc(1)
deraadt [Sat, 10 Oct 2015 19:28:54 +0000 (19:28 +0000)]
Rather than invoking fork/execve of dc(1) on a pipe, compile in the dc(1)
code directly and use it as a subfunction.  This refactoring allows use of
pledge "stdio rpath proc tty" in the main bc(1) process before fork, pledge
"stdio rpath tty" after fork, and fully reduced to "stdio" in the dc(1)
child.

This requires two recent to the kernel code (allowing sigsuspend(),
and kill() self as pid 0).
ok otto

9 years agosince kdump may getprotobynumber() late, do not drop "rpath". We could
deraadt [Sat, 10 Oct 2015 19:19:46 +0000 (19:19 +0000)]
since kdump may getprotobynumber() late, do not drop "rpath".  We could
potentially modify pledge() to permit /etc/protocols (/etc/rpc?
/etc/services? etc) without requiring a rpath attribute.. but where would
we draw the line for what /etc files libc functions need?  At present, we
draw that line closer to the minimum.
issue found by theo@math.ethz.ch

9 years agoFor pledge, sigsuspend() should is affecting the behaviour a process itself,
deraadt [Sat, 10 Oct 2015 19:15:53 +0000 (19:15 +0000)]
For pledge, sigsuspend() should is affecting the behaviour a process itself,
so we should allow it for 'self'.
ok djm

9 years agopid 0 also implies self, so allow that for the pledge case. Found in
deraadt [Sat, 10 Oct 2015 19:12:39 +0000 (19:12 +0000)]
pid 0 also implies self, so allow that for the pledge case.  Found in
a refactoring being done for the bc/dc relationship with otto.

9 years agopledge "stdio rpath wpath cpath"
deraadt [Sat, 10 Oct 2015 19:11:04 +0000 (19:11 +0000)]
pledge "stdio rpath wpath cpath"
ok doug

9 years agopledge "stdio getpw rpath wpath cpath tmppath proc exec". doug pointed out
deraadt [Sat, 10 Oct 2015 19:10:20 +0000 (19:10 +0000)]
pledge "stdio getpw rpath wpath cpath tmppath proc exec". doug pointed out
the need for getpw.  Not sure if I see ways to improve this program.
ok doug

9 years agoIn iwm(4), set mbuf pointers to NULL after freeing mbufs.
stsp [Sat, 10 Oct 2015 19:04:57 +0000 (19:04 +0000)]
In iwm(4), set mbuf pointers to NULL after freeing mbufs.
ok phessler mpi zhuk

9 years agopledge "stdio rpath wpath cpath proc exec". there is some potential
deraadt [Sat, 10 Oct 2015 19:03:08 +0000 (19:03 +0000)]
pledge "stdio rpath wpath cpath proc exec". there is some potential
for dropping some path attributes in between, but i will let someone
else do that.
ok doug

9 years agopledge "stdio rpath"
deraadt [Sat, 10 Oct 2015 19:02:19 +0000 (19:02 +0000)]
pledge "stdio rpath"
ok beck doug

9 years agopledge "stdio getpw rpath wpath cpath fattr". doug pointed out getpw*
deraadt [Sat, 10 Oct 2015 18:58:53 +0000 (18:58 +0000)]
pledge "stdio getpw rpath wpath cpath fattr".  doug pointed out getpw*
use, and fattr for chmod.
doug

9 years agoencrypt(1) also needs to pledge "wpath" for getpass().
doug [Sat, 10 Oct 2015 18:14:20 +0000 (18:14 +0000)]
encrypt(1) also needs to pledge "wpath" for getpass().

getpass() opens /dev/tty RW so it can write the prompt.

ok deraadt@

9 years agopledge "stdio rpath tty". rpath for the configuration reading done by
deraadt [Sat, 10 Oct 2015 17:59:15 +0000 (17:59 +0000)]
pledge "stdio rpath tty".  rpath for the configuration reading done by
login* subsystem, tty for readpassphase()
ok beck

9 years agopledge "stdio proc exec" works.
deraadt [Sat, 10 Oct 2015 17:48:34 +0000 (17:48 +0000)]
pledge "stdio proc exec" works.
ok doug

9 years agoshuffle #ifdef TIOCSTI block to avoid a future /*FALLTHROUGH*/ mistake.
deraadt [Sat, 10 Oct 2015 16:35:08 +0000 (16:35 +0000)]
shuffle #ifdef TIOCSTI block to avoid a future /*FALLTHROUGH*/ mistake.

9 years agoplege "stdio rpath tty". "tty" is for the curses code lurking in the
deraadt [Sat, 10 Oct 2015 16:15:03 +0000 (16:15 +0000)]
plege "stdio rpath tty".  "tty" is for the curses code lurking in the
background.
ok doug

9 years agopledge "stdio rpath proc exec". proc & exec because obviously it
deraadt [Sat, 10 Oct 2015 15:52:30 +0000 (15:52 +0000)]
pledge "stdio rpath proc exec".  proc & exec because obviously it
spawns subprocesses.  rpath is only needed for the -o (open /dev/tty)
or no -o (open /dev/null) choice.
ok beck

9 years agobasic pledge "stdio rpath"
deraadt [Sat, 10 Oct 2015 15:47:22 +0000 (15:47 +0000)]
basic pledge "stdio rpath"
ok doug

9 years agoReplace calls to x_emacs_putbuf() with x_do_ins() since all
millert [Sat, 10 Oct 2015 15:31:00 +0000 (15:31 +0000)]
Replace calls to x_emacs_putbuf() with x_do_ins() since all
x_emacs_putbuf() does is call x_do_ins().
From mksh via Michael McConville

9 years agopledge "stdio rpath" seems to work; ok doug
deraadt [Sat, 10 Oct 2015 15:08:49 +0000 (15:08 +0000)]
pledge "stdio rpath" seems to work; ok doug

9 years agopledge "stdio proc exec". relies on two recent kernel fixes.
deraadt [Sat, 10 Oct 2015 14:49:23 +0000 (14:49 +0000)]
pledge "stdio proc exec".  relies on two recent kernel fixes.

9 years agoallow sysctl of kern.clockrate
deraadt [Sat, 10 Oct 2015 14:48:03 +0000 (14:48 +0000)]
allow sysctl of kern.clockrate

9 years agoI forgot execve would go through the namei codepath, so a program marked
deraadt [Sat, 10 Oct 2015 14:46:15 +0000 (14:46 +0000)]
I forgot execve would go through the namei codepath, so a program marked
"stdio rpath" this would fail to execve.  pre-indicate exec actions to the
namei checker to allow them through.
ok semarie

9 years agomust also pledge "getpw", because it will use getpw* and getgr* functions.
deraadt [Sat, 10 Oct 2015 14:33:02 +0000 (14:33 +0000)]
must also pledge "getpw", because it will use getpw* and getgr* functions.
discussed with doug and semarie

9 years agopledge "stdio rpath route" seems to be working. route is needed for
deraadt [Sat, 10 Oct 2015 14:29:05 +0000 (14:29 +0000)]
pledge "stdio rpath route" seems to be working.  route is needed for
pretty printing some addresses.

9 years agopledge "stdio rpath wpath cpath". as a curses program, I expected this
deraadt [Sat, 10 Oct 2015 14:27:43 +0000 (14:27 +0000)]
pledge "stdio rpath wpath cpath". as a curses program, I expected this
to maybe need "tty", but have not found a path which calls those kind
of curses functions.
ok doug

9 years agopkill has to get all the getopt, getpwuid, libkvm stuff out of the way
deraadt [Sat, 10 Oct 2015 14:25:42 +0000 (14:25 +0000)]
pkill has to get all the getopt, getpwuid, libkvm stuff out of the way
first.  it can pledge to "stdio" (pgrep case) or "stdio proc" (pkill case)
before parsing and matching the expression.
ok doug

9 years agofairly obvious pledges.
deraadt [Sat, 10 Oct 2015 14:23:46 +0000 (14:23 +0000)]
fairly obvious pledges.
ok doug

9 years agofairly simple pledge to "stdio rpath wpath cpath"
deraadt [Sat, 10 Oct 2015 14:23:12 +0000 (14:23 +0000)]
fairly simple pledge to "stdio rpath wpath cpath"

9 years agoCode points U+10000 to U+fffff are valid, too.
schwarze [Sat, 10 Oct 2015 13:54:22 +0000 (13:54 +0000)]
Code points U+10000 to U+fffff are valid, too.
Fixing a regression in wcrtomb(3) found with the mandoc testsuite
that was caused by the last commit.
OK semarie@ bentley@

9 years agoDecide whether to use_pager as early as possible,
schwarze [Sat, 10 Oct 2015 13:20:25 +0000 (13:20 +0000)]
Decide whether to use_pager as early as possible,
in preparation for pledge(2); no functional change intended.

9 years agoadd (currently failing) test for --exists foo,bar.
jasper [Sat, 10 Oct 2015 12:20:10 +0000 (12:20 +0000)]
add (currently failing) test for --exists foo,bar.

spotted by aja@

9 years agoadd location to the fan description
jung [Sat, 10 Oct 2015 12:05:47 +0000 (12:05 +0000)]
add location to the fan description

9 years agofix wrong brackets in if statement
jung [Sat, 10 Oct 2015 11:57:20 +0000 (11:57 +0000)]
fix wrong brackets in if statement

9 years agothree conversions of fgetln() to getline()
jung [Sat, 10 Oct 2015 11:42:49 +0000 (11:42 +0000)]
three conversions of fgetln() to getline()

ok eric sunil

9 years agoFix /var/spool/smtpd/offline ownership and mode.
ajacoutot [Sat, 10 Oct 2015 09:45:15 +0000 (09:45 +0000)]
Fix /var/spool/smtpd/offline ownership and mode.

ok gilles@

9 years agoMake functions that accept multiple iterations via C-u N, honour 0.
lum [Sat, 10 Oct 2015 09:13:14 +0000 (09:13 +0000)]
Make functions that accept multiple iterations via C-u N, honour 0.
Except C-k which has a defined behaviour. In mg, C-t doesn't complete
n iterations if requested, but probably should, hence it has been
included in this diff.

9 years agoCall onlywind() properly.
lum [Sat, 10 Oct 2015 08:35:26 +0000 (08:35 +0000)]
Call onlywind() properly.

9 years agoMake tcpdump(1) print more information from the HT Capabilities element.
stsp [Sat, 10 Oct 2015 07:52:30 +0000 (07:52 +0000)]
Make tcpdump(1) print more information from the HT Capabilities element.
tweak + ok sthen@

9 years agoAdd macros for A-MPDU and MCS data, both found in HT capabilities element.
stsp [Sat, 10 Oct 2015 07:51:47 +0000 (07:51 +0000)]
Add macros for A-MPDU and MCS data, both found in HT capabilities element.
typo fix + ok sthen@

9 years agoUnused macros; from Michael McConville.
nicm [Sat, 10 Oct 2015 07:38:18 +0000 (07:38 +0000)]
Unused macros; from Michael McConville.

9 years agoMove more declarations out of proto.h into better headers, from Michael
nicm [Sat, 10 Oct 2015 07:35:16 +0000 (07:35 +0000)]
Move more declarations out of proto.h into better headers, from Michael
McConville. No binary change.

9 years agoSome of these large so easy to contain, with "stdio rpath".
deraadt [Sat, 10 Oct 2015 05:47:54 +0000 (05:47 +0000)]
Some of these large so easy to contain, with "stdio rpath".
ok doug

9 years agosimple program using "stdio rpath"
deraadt [Sat, 10 Oct 2015 05:43:48 +0000 (05:43 +0000)]
simple program using "stdio rpath"
ok doug

9 years agoAdd pledge support to cmp(1).
doug [Sat, 10 Oct 2015 05:35:22 +0000 (05:35 +0000)]
Add pledge support to cmp(1).

This is a simple case of using "stdio rpath" until all files are opened and
then dropping down to "stdio" since it includes "rw" on open fds.

ok deraadt@

9 years agopledge to only use "stdio rpath"; ok doug
deraadt [Sat, 10 Oct 2015 05:32:52 +0000 (05:32 +0000)]
pledge to only use "stdio rpath"; ok doug

9 years agoAdd pledge support to getent(1).
doug [Sat, 10 Oct 2015 05:26:57 +0000 (05:26 +0000)]
Add pledge support to getent(1).

This pledges the superset of all requests for the various getent databases
and then drops to the minimum for the chosen database.

ok deraadt@

9 years agoMake use of pledge(2).
renato [Sat, 10 Oct 2015 05:12:33 +0000 (05:12 +0000)]
Make use of pledge(2).

ok deraadt

9 years agoMove some interface initialization bits from if_init() to eigrp_if_start()
renato [Sat, 10 Oct 2015 05:09:19 +0000 (05:09 +0000)]
Move some interface initialization bits from if_init() to eigrp_if_start()
and call if_init() only during the startup of the eigrpe process.

9 years agoRemove attached neighbors whenever an interface is disabled to speedup
renato [Sat, 10 Oct 2015 05:07:10 +0000 (05:07 +0000)]
Remove attached neighbors whenever an interface is disabled to speedup
the convergence process.

9 years agoeigrpctl pledges to use stdio and route.
renato [Sat, 10 Oct 2015 05:06:00 +0000 (05:06 +0000)]
eigrpctl pledges to use stdio and route.

ok deraadt

9 years agoFix detection of interface up/down events.
renato [Sat, 10 Oct 2015 05:03:39 +0000 (05:03 +0000)]
Fix detection of interface up/down events.

9 years agorelayctl pledges to use stdio only
benno [Sat, 10 Oct 2015 00:37:40 +0000 (00:37 +0000)]
relayctl pledges to use stdio only
ok reyk@ sure deraadt@

9 years agopledge("stdio route") needed here, because ipv6
benno [Sat, 10 Oct 2015 00:19:52 +0000 (00:19 +0000)]
pledge("stdio route") needed here, because ipv6
ok deraadt@

9 years agorelayd's ca process pledges to only use stdio.
benno [Sat, 10 Oct 2015 00:16:23 +0000 (00:16 +0000)]
relayd's ca process pledges to only use stdio.
ok deraadt@

9 years agoksh can run with pledge "stdio rpath wpath cpath getpw fattr proc exec tty"
deraadt [Sat, 10 Oct 2015 00:10:07 +0000 (00:10 +0000)]
ksh can run with pledge "stdio rpath wpath cpath getpw fattr proc exec tty"
if the mknod builtin is disabled.  It looks like a lot of abilities, but
hey, this is a shell.  can't open sockets or do other nasty stuff though.
(we'll leave the mknod builtin enabled on the install media for now; there
is work happening to regain the MAKEDEV performance in a different way)
discussions with otto & millert in particular

9 years agoAllow kill(self, sig) in pledge SELF also. the stack protector, abort(),
deraadt [Fri, 9 Oct 2015 23:55:03 +0000 (23:55 +0000)]
Allow kill(self, sig) in pledge SELF also.  the stack protector, abort(),
and readpassphrase() in particular use this.
ok millert tedu semarie

9 years agocan use pledge "stdio"; ok benno
deraadt [Fri, 9 Oct 2015 23:33:54 +0000 (23:33 +0000)]
can use pledge "stdio"; ok benno

9 years agoRemove telnet warnings. Civilization has reached a point where they are no
tim [Fri, 9 Oct 2015 21:59:34 +0000 (21:59 +0000)]
Remove telnet warnings. Civilization has reached a point where they are no
longer relevant.

OK millert@

9 years agoThe variable errmsg can be static in main.c if code in re.c uses an own
tobias [Fri, 9 Oct 2015 21:24:05 +0000 (21:24 +0000)]
The variable errmsg can be static in main.c if code in re.c uses an own
buffer to construct error messages.

with input by and ok millert@

9 years agoDefine functions as static when they are not used outside their own c-files.
tobias [Fri, 9 Oct 2015 20:27:28 +0000 (20:27 +0000)]
Define functions as static when they are not used outside their own c-files.

ok millert@

9 years agoUse __progname rather than argv[0]; OK millert@
tim [Fri, 9 Oct 2015 20:24:37 +0000 (20:24 +0000)]
Use __progname rather than argv[0]; OK millert@

9 years agoReplace readpass(3) with readpassphrase(3). This was the only use of
tim [Fri, 9 Oct 2015 20:14:35 +0000 (20:14 +0000)]
Replace readpass(3) with readpassphrase(3). This was the only use of
readpass(3) in base...

OK millert@

9 years agoLexer states are not needed outside of lex.c.
millert [Fri, 9 Oct 2015 19:49:08 +0000 (19:49 +0000)]
Lexer states are not needed outside of lex.c.
From mksh via Michael McConville

9 years agoMark static globals that are only used in their respective .c files.
millert [Fri, 9 Oct 2015 19:47:02 +0000 (19:47 +0000)]
Mark static globals that are only used in their respective .c files.
Also make stdin unbuffered since that is the same as using a
single-byte buffer.  OK tobias@

9 years agoremove null check before afree. from Michael McConville
tedu [Fri, 9 Oct 2015 19:36:27 +0000 (19:36 +0000)]
remove null check before afree. from Michael McConville

9 years agoExit autoinstall in case of an invalid choice.
rpe [Fri, 9 Oct 2015 18:30:54 +0000 (18:30 +0000)]
Exit autoinstall in case of an invalid choice.

OK krw@

9 years agoKeep relayd test certificate names in sync with syslogd.
bluhm [Fri, 9 Oct 2015 17:51:08 +0000 (17:51 +0000)]
Keep relayd test certificate names in sync with syslogd.

9 years agoupon smtpd restart, when scanning the offline queue, unlink 0-sized offline
gilles [Fri, 9 Oct 2015 17:44:25 +0000 (17:44 +0000)]
upon smtpd restart, when scanning the offline queue, unlink 0-sized offline
messages as they are left-overs from an errored enqueue.

ok millert@, ok eric@

9 years agoHave not come up with a great pattern for flock() yet. flock() is permitted
deraadt [Fri, 9 Oct 2015 17:18:20 +0000 (17:18 +0000)]
Have not come up with a great pattern for flock() yet.  flock() is permitted
by "getpw" because libc getpw*/getgr* use open() of /var/run/ypbind.lock plus
flock() to detect YP running.  The kernel observes this dance to "open up" the
YP door (ugliness should drive us to rewrite this mechanism from SunOS later).

however, flock is also used independently.  Current users are
    htpasswd mail skeyinit tmux authpf pwd_mkdb ldapd smtpd ypbind
    login_token mail.local lockspool
Let's enable flock() for "cpath", and see if that helps these programs,
otherwise we'll try "wpath" next.

9 years agoWith nfs spool (fork + seteuid/setuid balony) support gone, it becomes
deraadt [Fri, 9 Oct 2015 17:09:06 +0000 (17:09 +0000)]
With nfs spool (fork + seteuid/setuid balony) support gone, it becomes
possible to pledge "stdio rpath wpath tty proc"
Noone uses this code anymore.  This is a demonstration...

9 years agoremove NFS spool support; it stands in the way of pledge(2)
deraadt [Fri, 9 Oct 2015 17:07:21 +0000 (17:07 +0000)]
remove NFS spool support; it stands in the way of pledge(2)

9 years agoAdd tests for syslogd TLS accept and receive encrypted messages.
bluhm [Fri, 9 Oct 2015 17:07:06 +0000 (17:07 +0000)]
Add tests for syslogd TLS accept and receive encrypted messages.

9 years agoIf syslogd is started with -S, it accepts TLS connections to receive
bluhm [Fri, 9 Oct 2015 16:58:25 +0000 (16:58 +0000)]
If syslogd is started with -S, it accepts TLS connections to receive
encrypted messages.  The server certificates are taken from /etc/ssl
like relayd does.
OK benno@ beck@ deraadt@

9 years agoConvert fgetln(3) to getline(3).
sunil [Fri, 9 Oct 2015 16:47:14 +0000 (16:47 +0000)]
Convert fgetln(3) to getline(3).

Ok eric@ todd@ gilles@

9 years agoA fork(2) is used in ttymsg() to delay the message to a tty if it
bluhm [Fri, 9 Oct 2015 16:44:55 +0000 (16:44 +0000)]
A fork(2) is used in ttymsg() to delay the message to a tty if it
blocks.  Fix the potential syslogd's death, add "proc" to pledge.
OK deraadt@

9 years agocatch up to tame() -> pledge() rename
deraadt [Fri, 9 Oct 2015 16:29:17 +0000 (16:29 +0000)]
catch up to tame() -> pledge() rename

9 years agopare down the readme so as to not imply we are tracking upstream.
tedu [Fri, 9 Oct 2015 16:26:03 +0000 (16:26 +0000)]
pare down the readme so as to not imply we are tracking upstream.
nor do we much care about running this on dec ultrix anymore, etc...
ok deraadt

9 years agoif an error occurs during offline enqueuing after we've dropped group, then
gilles [Fri, 9 Oct 2015 15:09:09 +0000 (15:09 +0000)]
if an error occurs during offline enqueuing after we've dropped group, then
attempt to ftruncate() the fp back to 0.

suggested and ok millert@, ok eric@

9 years agoturn our local enqueuer setgid _smtpq and restrict access to offline queue,
gilles [Fri, 9 Oct 2015 14:37:38 +0000 (14:37 +0000)]
turn our local enqueuer setgid _smtpq and restrict access to offline queue,
the enqueuer will revoke group and regain real gid right after mkstemp.

this would have prevented the symlink/hardlink attacks against offline, and
it will avoid having to deal with new ways users can mess with it.

ok eric@, ok millert@

9 years agoRemove evil hack. I've never seen the printf fire, and xenocara no longer
kettenis [Fri, 9 Oct 2015 13:22:54 +0000 (13:22 +0000)]
Remove evil hack.  I've never seen the printf fire, and xenocara no longer
contains any code that can manipulate the affected register directly.

ok jsg@

9 years agothis cpp operates file using pledge "stdio rpath wpath cpath"
deraadt [Fri, 9 Oct 2015 12:20:18 +0000 (12:20 +0000)]
this cpp operates file using pledge "stdio rpath wpath cpath"

9 years agoTame syslogd privsep child with "stdio rpath unix inet recvfd".
bluhm [Fri, 9 Oct 2015 12:07:32 +0000 (12:07 +0000)]
Tame syslogd privsep child with "stdio rpath unix inet recvfd".
With and OK deraadt@

9 years agooops, snuck into a syscalls sync; spotted by sthen
deraadt [Fri, 9 Oct 2015 11:47:30 +0000 (11:47 +0000)]
oops, snuck into a syscalls sync; spotted by sthen

9 years agoregress pledge
semarie [Fri, 9 Oct 2015 11:42:54 +0000 (11:42 +0000)]
regress pledge

add missing $OpenBSD$ header

9 years agoregress pledge: remove 'regenerate' target
semarie [Fri, 9 Oct 2015 11:38:39 +0000 (11:38 +0000)]
regress pledge: remove 'regenerate' target

9 years agoadd "tty" regress for pledge
semarie [Fri, 9 Oct 2015 11:38:05 +0000 (11:38 +0000)]
add "tty" regress for pledge

9 years agocorrect Xr; from theo buehler
jmc [Fri, 9 Oct 2015 10:13:48 +0000 (10:13 +0000)]
correct Xr; from theo buehler

9 years agoif enhanced status class is not set, enhanced status code is never dumped
gilles [Fri, 9 Oct 2015 09:56:28 +0000 (09:56 +0000)]
if enhanced status class is not set, enhanced status code is never dumped
in disk envelope.

9 years agoAll commands seem to work fine with pledge "stdio" after the connect(),
deraadt [Fri, 9 Oct 2015 07:54:28 +0000 (07:54 +0000)]
All commands seem to work fine with pledge "stdio" after the connect(),
direct source and symbol table inspection suggests it is good.  The same
principle will likely apply to most of our network daemon *ctl programs,
since many are derived from ospfd.  Still, each needs testing.
discussion about network daemons and ctl's has been mostly with renato

9 years agoanother tame(2), spotted by jmc
deraadt [Fri, 9 Oct 2015 07:39:56 +0000 (07:39 +0000)]
another tame(2), spotted by jmc

9 years agoFix line number bug when calling onlywind().
lum [Fri, 9 Oct 2015 07:27:56 +0000 (07:27 +0000)]
Fix line number bug when calling onlywind().

9 years agohook pledge
semarie [Fri, 9 Oct 2015 06:50:01 +0000 (06:50 +0000)]
hook pledge

9 years agofollow tame->pledge in regress
semarie [Fri, 9 Oct 2015 06:44:13 +0000 (06:44 +0000)]
follow tame->pledge in regress

9 years agodo not use weak; plus this dies next week
deraadt [Fri, 9 Oct 2015 06:10:57 +0000 (06:10 +0000)]
do not use weak; plus this dies next week

9 years agoanother stray )
deraadt [Fri, 9 Oct 2015 05:55:58 +0000 (05:55 +0000)]
another stray )

9 years agoshortcircuit TIOCGETA to directly return ENOTTY for non-ttys. It could
deraadt [Fri, 9 Oct 2015 05:30:03 +0000 (05:30 +0000)]
shortcircuit TIOCGETA to directly return ENOTTY for non-ttys.  It could
be called against a non-tty fd, so as to test "is this a tty".  Discovered
by sthen and rob pierce at the same time.

9 years agooops, typo spotted in temporary .c file, by semarie
deraadt [Fri, 9 Oct 2015 04:38:54 +0000 (04:38 +0000)]
oops, typo spotted in temporary .c file, by semarie

9 years agofix a gotcha in the connect refactoring, that could result in dropping
deraadt [Fri, 9 Oct 2015 04:13:34 +0000 (04:13 +0000)]
fix a gotcha in the connect refactoring, that could result in dropping
through and trying to bind failed v6 connects.
ok guenther

9 years agothe ntp engine can run with "stdio inet proc". For many reasons,
deraadt [Fri, 9 Oct 2015 03:54:53 +0000 (03:54 +0000)]
the ntp engine can run with "stdio inet proc".  For many reasons,
including fork/exec cost, it would be better if constraints were
forked from the master process, which would then tell the ntp
engine.  That would increase accuracy and security.
Lots of conversations with reyk and bcook