From bcca00f50eaedfcfa1842aa4a127d10097b9ed79 Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 30 Oct 2023 01:34:13 +0000 Subject: [PATCH] make special note, right at the start, that DNS is handled seperately from regular network. All the crummy pledge clones don't do that. ok millert --- lib/libc/sys/pledge.2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/libc/sys/pledge.2 b/lib/libc/sys/pledge.2 index 18c01fded75..e273c323de3 100644 --- a/lib/libc/sys/pledge.2 +++ b/lib/libc/sys/pledge.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: pledge.2,v 1.67 2023/08/20 15:17:53 visa Exp $ +.\" $OpenBSD: pledge.2,v 1.68 2023/10/30 01:34:13 deraadt Exp $ .\" .\" Copyright (c) 2015 Nicholas Marriott .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 20 2023 $ +.Dd $Mdocdate: October 30 2023 $ .Dt PLEDGE 2 .Os .Sh NAME @@ -30,7 +30,7 @@ The system call forces the current process into a restricted-service operating mode. A few subsets are available, roughly described as computation, memory management, read-write operations on file descriptors, opening of files, -and networking. +networking (and notably seperate, DNS resolution). In general, these modes were selected by studying the operation of many programs using libc and other such interfaces, and setting .Fa promises -- 2.20.1
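Review bot: In the description hunk (@@ -30,7 +30,7 @@), the added line `networking (and notably seperate, DNS resolution).` misspells "separate", and dropping the "and" that used to precede "networking" leaves the list of subsets without a conjunction. As written, the parenthetical reads as a remark about networking rather than naming DNS resolution as its own subset, which is the distinction the commit message says it wants to make "right at the start". Suggest wording along the lines of `networking, and (notably separate) DNS resolution.` so the sentence lists DNS as a distinct item. The same misspelling ("seperately") is in the subject line.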