openbsd
9 years agoneeds at least some include love; choosing <stdlib.h>
deraadt [Sun, 11 Oct 2015 15:36:58 +0000 (15:36 +0000)]
needs at least some include love; choosing <stdlib.h>

9 years agopledge "stdio tty" works once the kernel allows TIOCGWINSZ. Do the pledge
deraadt [Sun, 11 Oct 2015 15:27:19 +0000 (15:27 +0000)]
pledge "stdio tty" works once the kernel allows TIOCGWINSZ.  Do the pledge
after TIOCGETD, which the kernel is unlikely to support (does not feel like
a good idea for a program to switch line disc, and therefor not worth allowing
the program to ask either)

9 years agoIn pledge "tty", allow TIOCSWINSZ. stty(1) is the obvious silly use.
deraadt [Sun, 11 Oct 2015 15:25:39 +0000 (15:25 +0000)]
In pledge "tty", allow TIOCSWINSZ.  stty(1) is the obvious silly use.
The more important use will be tmux(1) and other active window size
controlling programs. There seems little risk in exposing this small
tty setting alongside the tcsetattr() family.
ok millert

9 years agoConvert some fgetln to getline.
sunil [Sun, 11 Oct 2015 12:50:00 +0000 (12:50 +0000)]
Convert some fgetln to getline.

Ok gilles@, giovanni@, millert@

9 years agoConvert some fgetln to getline.
sunil [Sun, 11 Oct 2015 12:09:06 +0000 (12:09 +0000)]
Convert some fgetln to getline.

Suggestion and ok millert@, ok gilles@, eric@

9 years agohandle comma separated list of arguments, i.e. pkg-config --exists gcr-3,gcr-base-3
jasper [Sun, 11 Oct 2015 11:48:46 +0000 (11:48 +0000)]
handle comma separated list of arguments, i.e. pkg-config --exists gcr-3,gcr-base-3

9 years agoadd variation on existing --exists tests; separated by spaces
jasper [Sun, 11 Oct 2015 11:47:21 +0000 (11:47 +0000)]
add variation on existing --exists tests; separated by spaces

9 years agoAdd a symbolic name for the special '-1' value of iwm's sc_wantresp.
stsp [Sun, 11 Oct 2015 10:22:28 +0000 (10:22 +0000)]
Add a symbolic name for the special '-1' value of iwm's sc_wantresp.
ok phessler

9 years agoDocument that execve(2) resets SIGCHLD to SIG_DFL
guenther [Sun, 11 Oct 2015 09:51:26 +0000 (09:51 +0000)]
Document that execve(2) resets SIGCHLD to SIG_DFL

wordsmithing and ok jmc@

9 years agoPrefer .Fa over .Em for struct members
guenther [Sun, 11 Oct 2015 07:53:49 +0000 (07:53 +0000)]
Prefer .Fa over .Em for struct members

ok jmc@

9 years agoSimplify and lock down priv_open():
guenther [Sun, 11 Oct 2015 07:32:06 +0000 (07:32 +0000)]
Simplify and lock down priv_open():
 * kill the 'mode' argument
 * fail if passed any flags other than O_ACCMODE OR O_NONBLOCK
 * paranoia: mask O_CREAT when calling open() with only two arguments
 * instead of using ioctl(FIONBIO) after the fact, pass O_NONBLOCK to
   priv_open()

"good start" deraadt@
ok yasuoka@

9 years agoDocument that bind(2) and connect(2) ignore the incoming sa_len
guenther [Sun, 11 Oct 2015 07:25:11 +0000 (07:25 +0000)]
Document that bind(2) and connect(2) ignore the incoming sa_len

suggest by and ok deraadt@
wordsmithing jmc@

9 years agoYYSTYPE.number is int64_t, so format with <inttypes.h>'s PRId64
guenther [Sun, 11 Oct 2015 07:16:01 +0000 (07:16 +0000)]
YYSTYPE.number is int64_t, so format with <inttypes.h>'s PRId64

ok yasuoka@

9 years agoAfter the filesystem is opened, pledge "stdio"
deraadt [Sun, 11 Oct 2015 04:37:23 +0000 (04:37 +0000)]
After the filesystem is opened, pledge "stdio"
ok doug

9 years agoIf only displaying the disklabel (the normal thing to do against potentially
deraadt [Sun, 11 Oct 2015 04:36:22 +0000 (04:36 +0000)]
If only displaying the disklabel (the normal thing to do against potentially
unknown disks...), after opening & reading the disklabel, pledge "stdio"
ok doug

9 years agoAfter the disk is opened, this can pledge "stdio".
deraadt [Sun, 11 Oct 2015 04:33:17 +0000 (04:33 +0000)]
After the disk is opened, this can pledge "stdio".
ok doug

9 years agoThe <ctype.h> is*() interfaces expect EOF or an unsigned char; cast to
guenther [Sun, 11 Oct 2015 03:23:28 +0000 (03:23 +0000)]
The <ctype.h> is*() interfaces expect EOF or an unsigned char; cast to
(unsigned char) as required

found by Michael McConville (mmcconv1 (at) sccs.swarthmore.edu) w/Coccinelle

9 years agoDon't allow "rm -rf /"
daniel [Sun, 11 Oct 2015 03:08:46 +0000 (03:08 +0000)]
Don't allow "rm -rf /"

Patch from Theo Buehler who was inspired by watching Bryan Cantrill
in BSD Now 103.

Minor tweak from me to turn the complained variables into flags instead
of counters.

"i think it's ok" tedu@
"this isn't 1980 anymore" deraadt@
ok millert@

9 years agofix a regression spotted by chris@. the -f and -I arguments fetch process
deraadt [Sun, 11 Oct 2015 03:08:20 +0000 (03:08 +0000)]
fix a regression spotted by chris@.  the -f and -I arguments fetch process
arguments using kvm_getargs, after the pledge() has been made.  someone
brave should refactor this, hoisting the argument fetching to between
kvm_getprocs() and pledge() - storing the argument data as neccessary.
the current situation is also a race -- it fetches the data twice.

9 years ago__get_tcb() is needed for errno access in threaded programs on some archs.
guenther [Sun, 11 Oct 2015 01:56:56 +0000 (01:56 +0000)]
__get_tcb() is needed for errno access in threaded programs on some archs.
Make it always available.

ok deraadt@

9 years agoAlways set the timeout at least one tick in the future for EVFILT_TIMER
guenther [Sun, 11 Oct 2015 01:53:39 +0000 (01:53 +0000)]
Always set the timeout at least one tick in the future for EVFILT_TIMER
to avoid looping in softclock()

based on diff by sthen@
ok sthen@

9 years agoUserspace doesn't need to use SUN_LEN(): connect() and bind() must accept
guenther [Sun, 11 Oct 2015 00:26:23 +0000 (00:26 +0000)]
Userspace doesn't need to use SUN_LEN(): connect() and bind() must accept
sizeof(struct sockaddr_un), so do the simple, portable thing

ok beck@ deraadt@

9 years agoPrefer dprintf() over snprintf()+write()
guenther [Sun, 11 Oct 2015 00:20:29 +0000 (00:20 +0000)]
Prefer dprintf() over snprintf()+write()

ok beck@ deraadt@

9 years agoUse correct terminology
guenther [Sun, 11 Oct 2015 00:13:39 +0000 (00:13 +0000)]
Use correct terminology

9 years agoDocument support for CPU power states
guenther [Sun, 11 Oct 2015 00:12:38 +0000 (00:12 +0000)]
Document support for CPU power states

9 years agoConvert FIONBIO to SOCK_NONBLOCK
guenther [Sat, 10 Oct 2015 23:06:32 +0000 (23:06 +0000)]
Convert FIONBIO to SOCK_NONBLOCK

ok dlg@

9 years agoPledge that ln only needs "stdio rpath cpath".
doug [Sat, 10 Oct 2015 22:36:46 +0000 (22:36 +0000)]
Pledge that ln only needs "stdio rpath cpath".

ok deraadt@

9 years agopflogd contained the same "privsep error" as tcpdump -- assuming that
deraadt [Sat, 10 Oct 2015 22:36:06 +0000 (22:36 +0000)]
pflogd contained the same "privsep error" as tcpdump -- assuming that
it can ioctl()'s against a bpf device node.  Privsep that operation
via a message to the parent process.  Unfortunately "rpath wpath cpath"
is still needed due to SIGHUP handling, but I have asked canacar the
expert to look into this.

9 years agoPledge that arithmetic only takes "stdio".
doug [Sat, 10 Oct 2015 22:32:55 +0000 (22:32 +0000)]
Pledge that arithmetic only takes "stdio".

9 years agoInitial support for pledges in openssl(1) commands.
doug [Sat, 10 Oct 2015 22:28:51 +0000 (22:28 +0000)]
Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using.  However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions.  Most
commands only need "stdio rpath wpath cpath".  The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

9 years agopledge "stdio rpath wpath cpath fattr inet" after chroot and such
deraadt [Sat, 10 Oct 2015 22:21:39 +0000 (22:21 +0000)]
pledge "stdio rpath wpath cpath fattr inet" after chroot and such
appears to be good enough for the main loop processing.

9 years agopledge "stdio route"; untested. this has the if_nametoindex() problem as
deraadt [Sat, 10 Oct 2015 22:11:37 +0000 (22:11 +0000)]
pledge "stdio route"; untested.  this has the if_nametoindex() problem as
other *ctl programs using their daemon's log.c, and thus requires "route"
for now.  we hope to solve that issue soon.

9 years agoAdd a define for the invalid state, from mksh via Michael McConville.
nicm [Sat, 10 Oct 2015 22:09:23 +0000 (22:09 +0000)]
Add a define for the invalid state, from mksh via Michael McConville.

ok millert

9 years agoanother pledge argument reorder for sake of re-audit
deraadt [Sat, 10 Oct 2015 22:06:41 +0000 (22:06 +0000)]
another pledge argument reorder for sake of re-audit

9 years agoFix YP user and group support in getent(1).
doug [Sat, 10 Oct 2015 21:50:05 +0000 (21:50 +0000)]
Fix YP user and group support in getent(1).

These should have been "stdio getpw" before, but they worked for non-YP
environments.  With YP, it won't work without "getpw".

Reported by semarie@ and confirmed as a problem by miod@.

ok deraadt@

9 years agopledge "stdio rpath wpath cpath"
deraadt [Sat, 10 Oct 2015 21:29:59 +0000 (21:29 +0000)]
pledge "stdio rpath wpath cpath"
ok doug

9 years agoenv(1) is obviously a program falling into pledge "stdio exec". It
deraadt [Sat, 10 Oct 2015 21:19:14 +0000 (21:19 +0000)]
env(1) is obviously a program falling into pledge "stdio exec".  It
does stdio, and it does a raw execve().  It is so obvious.  It gets
only _exit(2), kbind(2), and 46 system calls -- over half of which
are deeply gutted in their functionality to only serve narrow libc
needs for "stdio (includes malloc)".  the other 161 system calls kill it.

9 years agoKill pledges to only use "stdio proc".
doug [Sat, 10 Oct 2015 21:15:25 +0000 (21:15 +0000)]
Kill pledges to only use "stdio proc".

deraadt@ notes that kill now works because of improved kernel semantics.
For full kill(1) functionality, you need the new kern_sig functionality.
Make sure you have an updated kernel.

ok deraadt@

9 years agopledge "stdio inet rpath" seems to be enough for a YP environment.
deraadt [Sat, 10 Oct 2015 21:08:09 +0000 (21:08 +0000)]
pledge "stdio inet rpath" seems to be enough for a YP environment.
rpath is to access /etc/rpc, and inet to talk to portmap & local world.
ok beck

9 years agopledge "stdio rpath wpath cpath proc exec"; this spawns cpp.
deraadt [Sat, 10 Oct 2015 20:57:00 +0000 (20:57 +0000)]
pledge "stdio rpath wpath cpath proc exec"; this spawns cpp.
ok doug

9 years agoAdded missing curly bracket into LIST_EMPTY example.
tobias [Sat, 10 Oct 2015 20:36:20 +0000 (20:36 +0000)]
Added missing curly bracket into LIST_EMPTY example.

ok deraadt@, otto@

9 years agonormalize a few more tame request orderings, to help review
deraadt [Sat, 10 Oct 2015 20:35:00 +0000 (20:35 +0000)]
normalize a few more tame request orderings, to help review

9 years agonormalize the ordering of tame requests (particularily, "rpath wpath cpath",
deraadt [Sat, 10 Oct 2015 20:18:30 +0000 (20:18 +0000)]
normalize the ordering of tame requests (particularily, "rpath wpath cpath",
which i have put in that order). this is not important, but helps look
for outliers which might be strange.  it hints that "ioctl" should be
reassessed in a few places, to see if "tty" is better; that "unix" may
be used in some places where "route" could now work.

9 years agopledge "dns rw" is not a reliable pattern. This means malloc() and other
deraadt [Sat, 10 Oct 2015 20:10:14 +0000 (20:10 +0000)]
pledge "dns rw" is not a reliable pattern.  This means malloc() and other
types of functions (perhaps required by 'stdio' or 'libevent' will not
become available unless DNS suceeds.  Replace it with "stdio dns".

9 years agoAdd pledge support in awk and make awk -safe actually safe.
doug [Sat, 10 Oct 2015 20:04:28 +0000 (20:04 +0000)]
Add pledge support in awk and make awk -safe actually safe.

awk -safe was introduced back in 1997 to stop awk from doing file output,
execute commands or access the environment.  The lexer rejected programs
when it saw awk commands that would write, exec or env.  Beyond that,
it wasn't safe from write/exec/env during program execution.

With pledge "stdio rpath", the kernel is now enforcing the awk -safe
mode restrictions at runtime (other than env).

Based on a diff by deraadt@

ok deraadt@ beck@

9 years agoRather than invoking fork/execve of dc(1) on a pipe, compile in the dc(1)
deraadt [Sat, 10 Oct 2015 19:28:54 +0000 (19:28 +0000)]
Rather than invoking fork/execve of dc(1) on a pipe, compile in the dc(1)
code directly and use it as a subfunction.  This refactoring allows use of
pledge "stdio rpath proc tty" in the main bc(1) process before fork, pledge
"stdio rpath tty" after fork, and fully reduced to "stdio" in the dc(1)
child.

This requires two recent to the kernel code (allowing sigsuspend(),
and kill() self as pid 0).
ok otto

9 years agosince kdump may getprotobynumber() late, do not drop "rpath". We could
deraadt [Sat, 10 Oct 2015 19:19:46 +0000 (19:19 +0000)]
since kdump may getprotobynumber() late, do not drop "rpath".  We could
potentially modify pledge() to permit /etc/protocols (/etc/rpc?
/etc/services? etc) without requiring a rpath attribute.. but where would
we draw the line for what /etc files libc functions need?  At present, we
draw that line closer to the minimum.
issue found by theo@math.ethz.ch

9 years agoFor pledge, sigsuspend() should is affecting the behaviour a process itself,
deraadt [Sat, 10 Oct 2015 19:15:53 +0000 (19:15 +0000)]
For pledge, sigsuspend() should is affecting the behaviour a process itself,
so we should allow it for 'self'.
ok djm

9 years agopid 0 also implies self, so allow that for the pledge case. Found in
deraadt [Sat, 10 Oct 2015 19:12:39 +0000 (19:12 +0000)]
pid 0 also implies self, so allow that for the pledge case.  Found in
a refactoring being done for the bc/dc relationship with otto.

9 years agopledge "stdio rpath wpath cpath"
deraadt [Sat, 10 Oct 2015 19:11:04 +0000 (19:11 +0000)]
pledge "stdio rpath wpath cpath"
ok doug

9 years agopledge "stdio getpw rpath wpath cpath tmppath proc exec". doug pointed out
deraadt [Sat, 10 Oct 2015 19:10:20 +0000 (19:10 +0000)]
pledge "stdio getpw rpath wpath cpath tmppath proc exec". doug pointed out
the need for getpw.  Not sure if I see ways to improve this program.
ok doug

9 years agoIn iwm(4), set mbuf pointers to NULL after freeing mbufs.
stsp [Sat, 10 Oct 2015 19:04:57 +0000 (19:04 +0000)]
In iwm(4), set mbuf pointers to NULL after freeing mbufs.
ok phessler mpi zhuk

9 years agopledge "stdio rpath wpath cpath proc exec". there is some potential
deraadt [Sat, 10 Oct 2015 19:03:08 +0000 (19:03 +0000)]
pledge "stdio rpath wpath cpath proc exec". there is some potential
for dropping some path attributes in between, but i will let someone
else do that.
ok doug

9 years agopledge "stdio rpath"
deraadt [Sat, 10 Oct 2015 19:02:19 +0000 (19:02 +0000)]
pledge "stdio rpath"
ok beck doug

9 years agopledge "stdio getpw rpath wpath cpath fattr". doug pointed out getpw*
deraadt [Sat, 10 Oct 2015 18:58:53 +0000 (18:58 +0000)]
pledge "stdio getpw rpath wpath cpath fattr".  doug pointed out getpw*
use, and fattr for chmod.
doug

9 years agoencrypt(1) also needs to pledge "wpath" for getpass().
doug [Sat, 10 Oct 2015 18:14:20 +0000 (18:14 +0000)]
encrypt(1) also needs to pledge "wpath" for getpass().

getpass() opens /dev/tty RW so it can write the prompt.

ok deraadt@

9 years agopledge "stdio rpath tty". rpath for the configuration reading done by
deraadt [Sat, 10 Oct 2015 17:59:15 +0000 (17:59 +0000)]
pledge "stdio rpath tty".  rpath for the configuration reading done by
login* subsystem, tty for readpassphase()
ok beck

9 years agopledge "stdio proc exec" works.
deraadt [Sat, 10 Oct 2015 17:48:34 +0000 (17:48 +0000)]
pledge "stdio proc exec" works.
ok doug

9 years agoshuffle #ifdef TIOCSTI block to avoid a future /*FALLTHROUGH*/ mistake.
deraadt [Sat, 10 Oct 2015 16:35:08 +0000 (16:35 +0000)]
shuffle #ifdef TIOCSTI block to avoid a future /*FALLTHROUGH*/ mistake.

9 years agoplege "stdio rpath tty". "tty" is for the curses code lurking in the
deraadt [Sat, 10 Oct 2015 16:15:03 +0000 (16:15 +0000)]
plege "stdio rpath tty".  "tty" is for the curses code lurking in the
background.
ok doug

9 years agopledge "stdio rpath proc exec". proc & exec because obviously it
deraadt [Sat, 10 Oct 2015 15:52:30 +0000 (15:52 +0000)]
pledge "stdio rpath proc exec".  proc & exec because obviously it
spawns subprocesses.  rpath is only needed for the -o (open /dev/tty)
or no -o (open /dev/null) choice.
ok beck

9 years agobasic pledge "stdio rpath"
deraadt [Sat, 10 Oct 2015 15:47:22 +0000 (15:47 +0000)]
basic pledge "stdio rpath"
ok doug

9 years agoReplace calls to x_emacs_putbuf() with x_do_ins() since all
millert [Sat, 10 Oct 2015 15:31:00 +0000 (15:31 +0000)]
Replace calls to x_emacs_putbuf() with x_do_ins() since all
x_emacs_putbuf() does is call x_do_ins().
From mksh via Michael McConville

9 years agopledge "stdio rpath" seems to work; ok doug
deraadt [Sat, 10 Oct 2015 15:08:49 +0000 (15:08 +0000)]
pledge "stdio rpath" seems to work; ok doug

9 years agopledge "stdio proc exec". relies on two recent kernel fixes.
deraadt [Sat, 10 Oct 2015 14:49:23 +0000 (14:49 +0000)]
pledge "stdio proc exec".  relies on two recent kernel fixes.

9 years agoallow sysctl of kern.clockrate
deraadt [Sat, 10 Oct 2015 14:48:03 +0000 (14:48 +0000)]
allow sysctl of kern.clockrate

9 years agoI forgot execve would go through the namei codepath, so a program marked
deraadt [Sat, 10 Oct 2015 14:46:15 +0000 (14:46 +0000)]
I forgot execve would go through the namei codepath, so a program marked
"stdio rpath" this would fail to execve.  pre-indicate exec actions to the
namei checker to allow them through.
ok semarie

9 years agomust also pledge "getpw", because it will use getpw* and getgr* functions.
deraadt [Sat, 10 Oct 2015 14:33:02 +0000 (14:33 +0000)]
must also pledge "getpw", because it will use getpw* and getgr* functions.
discussed with doug and semarie

9 years agopledge "stdio rpath route" seems to be working. route is needed for
deraadt [Sat, 10 Oct 2015 14:29:05 +0000 (14:29 +0000)]
pledge "stdio rpath route" seems to be working.  route is needed for
pretty printing some addresses.

9 years agopledge "stdio rpath wpath cpath". as a curses program, I expected this
deraadt [Sat, 10 Oct 2015 14:27:43 +0000 (14:27 +0000)]
pledge "stdio rpath wpath cpath". as a curses program, I expected this
to maybe need "tty", but have not found a path which calls those kind
of curses functions.
ok doug

9 years agopkill has to get all the getopt, getpwuid, libkvm stuff out of the way
deraadt [Sat, 10 Oct 2015 14:25:42 +0000 (14:25 +0000)]
pkill has to get all the getopt, getpwuid, libkvm stuff out of the way
first.  it can pledge to "stdio" (pgrep case) or "stdio proc" (pkill case)
before parsing and matching the expression.
ok doug

9 years agofairly obvious pledges.
deraadt [Sat, 10 Oct 2015 14:23:46 +0000 (14:23 +0000)]
fairly obvious pledges.
ok doug

9 years agofairly simple pledge to "stdio rpath wpath cpath"
deraadt [Sat, 10 Oct 2015 14:23:12 +0000 (14:23 +0000)]
fairly simple pledge to "stdio rpath wpath cpath"

9 years agoCode points U+10000 to U+fffff are valid, too.
schwarze [Sat, 10 Oct 2015 13:54:22 +0000 (13:54 +0000)]
Code points U+10000 to U+fffff are valid, too.
Fixing a regression in wcrtomb(3) found with the mandoc testsuite
that was caused by the last commit.
OK semarie@ bentley@

9 years agoDecide whether to use_pager as early as possible,
schwarze [Sat, 10 Oct 2015 13:20:25 +0000 (13:20 +0000)]
Decide whether to use_pager as early as possible,
in preparation for pledge(2); no functional change intended.

9 years agoadd (currently failing) test for --exists foo,bar.
jasper [Sat, 10 Oct 2015 12:20:10 +0000 (12:20 +0000)]
add (currently failing) test for --exists foo,bar.

spotted by aja@

9 years agoadd location to the fan description
jung [Sat, 10 Oct 2015 12:05:47 +0000 (12:05 +0000)]
add location to the fan description

9 years agofix wrong brackets in if statement
jung [Sat, 10 Oct 2015 11:57:20 +0000 (11:57 +0000)]
fix wrong brackets in if statement

9 years agothree conversions of fgetln() to getline()
jung [Sat, 10 Oct 2015 11:42:49 +0000 (11:42 +0000)]
three conversions of fgetln() to getline()

ok eric sunil

9 years agoFix /var/spool/smtpd/offline ownership and mode.
ajacoutot [Sat, 10 Oct 2015 09:45:15 +0000 (09:45 +0000)]
Fix /var/spool/smtpd/offline ownership and mode.

ok gilles@

9 years agoMake functions that accept multiple iterations via C-u N, honour 0.
lum [Sat, 10 Oct 2015 09:13:14 +0000 (09:13 +0000)]
Make functions that accept multiple iterations via C-u N, honour 0.
Except C-k which has a defined behaviour. In mg, C-t doesn't complete
n iterations if requested, but probably should, hence it has been
included in this diff.

9 years agoCall onlywind() properly.
lum [Sat, 10 Oct 2015 08:35:26 +0000 (08:35 +0000)]
Call onlywind() properly.

9 years agoMake tcpdump(1) print more information from the HT Capabilities element.
stsp [Sat, 10 Oct 2015 07:52:30 +0000 (07:52 +0000)]
Make tcpdump(1) print more information from the HT Capabilities element.
tweak + ok sthen@

9 years agoAdd macros for A-MPDU and MCS data, both found in HT capabilities element.
stsp [Sat, 10 Oct 2015 07:51:47 +0000 (07:51 +0000)]
Add macros for A-MPDU and MCS data, both found in HT capabilities element.
typo fix + ok sthen@

9 years agoUnused macros; from Michael McConville.
nicm [Sat, 10 Oct 2015 07:38:18 +0000 (07:38 +0000)]
Unused macros; from Michael McConville.

9 years agoMove more declarations out of proto.h into better headers, from Michael
nicm [Sat, 10 Oct 2015 07:35:16 +0000 (07:35 +0000)]
Move more declarations out of proto.h into better headers, from Michael
McConville. No binary change.

9 years agoSome of these large so easy to contain, with "stdio rpath".
deraadt [Sat, 10 Oct 2015 05:47:54 +0000 (05:47 +0000)]
Some of these large so easy to contain, with "stdio rpath".
ok doug

9 years agosimple program using "stdio rpath"
deraadt [Sat, 10 Oct 2015 05:43:48 +0000 (05:43 +0000)]
simple program using "stdio rpath"
ok doug

9 years agoAdd pledge support to cmp(1).
doug [Sat, 10 Oct 2015 05:35:22 +0000 (05:35 +0000)]
Add pledge support to cmp(1).

This is a simple case of using "stdio rpath" until all files are opened and
then dropping down to "stdio" since it includes "rw" on open fds.

ok deraadt@

9 years agopledge to only use "stdio rpath"; ok doug
deraadt [Sat, 10 Oct 2015 05:32:52 +0000 (05:32 +0000)]
pledge to only use "stdio rpath"; ok doug

9 years agoAdd pledge support to getent(1).
doug [Sat, 10 Oct 2015 05:26:57 +0000 (05:26 +0000)]
Add pledge support to getent(1).

This pledges the superset of all requests for the various getent databases
and then drops to the minimum for the chosen database.

ok deraadt@

9 years agoMake use of pledge(2).
renato [Sat, 10 Oct 2015 05:12:33 +0000 (05:12 +0000)]
Make use of pledge(2).

ok deraadt

9 years agoMove some interface initialization bits from if_init() to eigrp_if_start()
renato [Sat, 10 Oct 2015 05:09:19 +0000 (05:09 +0000)]
Move some interface initialization bits from if_init() to eigrp_if_start()
and call if_init() only during the startup of the eigrpe process.

9 years agoRemove attached neighbors whenever an interface is disabled to speedup
renato [Sat, 10 Oct 2015 05:07:10 +0000 (05:07 +0000)]
Remove attached neighbors whenever an interface is disabled to speedup
the convergence process.

9 years agoeigrpctl pledges to use stdio and route.
renato [Sat, 10 Oct 2015 05:06:00 +0000 (05:06 +0000)]
eigrpctl pledges to use stdio and route.

ok deraadt

9 years agoFix detection of interface up/down events.
renato [Sat, 10 Oct 2015 05:03:39 +0000 (05:03 +0000)]
Fix detection of interface up/down events.

9 years agorelayctl pledges to use stdio only
benno [Sat, 10 Oct 2015 00:37:40 +0000 (00:37 +0000)]
relayctl pledges to use stdio only
ok reyk@ sure deraadt@

9 years agopledge("stdio route") needed here, because ipv6
benno [Sat, 10 Oct 2015 00:19:52 +0000 (00:19 +0000)]
pledge("stdio route") needed here, because ipv6
ok deraadt@

9 years agorelayd's ca process pledges to only use stdio.
benno [Sat, 10 Oct 2015 00:16:23 +0000 (00:16 +0000)]
relayd's ca process pledges to only use stdio.
ok deraadt@

9 years agoksh can run with pledge "stdio rpath wpath cpath getpw fattr proc exec tty"
deraadt [Sat, 10 Oct 2015 00:10:07 +0000 (00:10 +0000)]
ksh can run with pledge "stdio rpath wpath cpath getpw fattr proc exec tty"
if the mknod builtin is disabled.  It looks like a lot of abilities, but
hey, this is a shell.  can't open sockets or do other nasty stuff though.
(we'll leave the mknod builtin enabled on the install media for now; there
is work happening to regain the MAKEDEV performance in a different way)
discussions with otto & millert in particular