CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2022/08/02 03:07:34
Modified files:
usr.bin/usbhidaction: usbhidaction.c
Log message:
shamelessly missed to unveil(_PATH_BSHELL, "x") which is required to run the
commands inside usbhidaction(1)'s `conf'
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2022/02/22 01:20:35
Modified files:
libexec/rpc.rusersd: rusersd.c
Log message:
disable further calls to unveil(2)
pointed out by brynet@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2022/02/21 12:49:46
Modified files:
libexec/rpc.rusersd: rpc.rusersd.8 rusersd.c
Log message:
unveil(2) "/dev" read-only instead of using chroot(2)/chdir(2). after calling
the latter the program then also
On 04:21 Wed 15 Dec , Ricardo Mestre wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: mes...@cvs.openbsd.org 2021/12/15 04:21:35
>
> Modified files:
> usr.bin/usbhidctl: usbhid.c
>
> Log message:
> restrict all filesystem access with unveil(
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/12/15 04:23:09
Modified files:
usr.bin/usbhidaction: usbhidaction.c
Log message:
restrict filesystem access with unveil(2).
this one opens the default table file "/usr/share/misc/usb_hid_usages"
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/12/15 04:21:35
Modified files:
usr.bin/usbhidctl: usbhid.c
Log message:
restrict all filesystem access with unveil(2).
hid_start(3) opens `table' through libusbhid, then usbhidctl(1) itself opens
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/11/11 01:48:48
Modified files:
usr.bin/who: who.c
Log message:
remove whitespace
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/11/11 01:42:31
Modified files:
usr.bin/who: who.c
Log message:
There's no need to call pledge(2) so many times, or on many places, with the
same promises, just call it once before the switch case
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/10/23 13:08:48
Modified files:
libexec/login_reject: login_reject.c
Log message:
ensure that sensitive data is zeroed out from mem.
ok beck@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/10/23 10:45:32
Modified files:
bin/stty : stty.c
Log message:
stty(1) can't be pledged for all modes, but it can be unveiled. the only file to
be opened is on stty -f `file', so call unveil(2)
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/10/23 09:08:26
Modified files:
games/backgammon/teachgammon: teach.c
Log message:
missed in previous commit
this was ok tb@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/10/23 05:22:49
Modified files:
games/atc : main.c
games/backgammon/backgammon: main.c
games/battlestar: battlestar.c
games/boggle/boggle: bog.c
games/bs :
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/07/16 08:36:09
Modified files:
usr.sbin/ntpd : ntpd.c
Log message:
main proc doesn't speak with sockets during the main loop and setpriority plus
chroot (and privdrop) in the child procs at this point
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/07/16 08:34:37
Modified files:
usr.sbin/ntpd : ntpd.c
Log message:
/etc/ssl/cert.pem is loaded into mem with tls_load_file(3) on local function
priv_constraint_child() which is called before we reach
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/07/07 01:28:56
Modified files:
libexec/spamd : spamd.c
Log message:
Hoist whole TLS initialization instead of loading the cert/key into memory first
and setting them up later on, nowadays it's
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/03/25 10:23:39
Modified files:
sys/net80211 : ieee80211_ra.c
Log message:
an invalid value of `mcs' may come from the hardware so adjust code so that the
value is only used after checking if it's
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/02/11 04:57:32
Modified files:
sys/dev/pv : vmt.c
Log message:
Initialize var since it's used in a condition a little bit afterwards.
CID 1501713
ok jmatthew@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/02/06 14:42:30
Modified files:
games/backgammon/teachgammon: teach.c
Log message:
while learning (teachgammon(1)) you might want to save your game so "{w,c}path"
pledge(2) permissions are required
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2021/01/11 03:24:08
Modified files:
usr.sbin/relayd: relayd.c
Log message:
Stop deleting the control socket on daemon shutdown, like we did on other
daemons. This avoids giving an additional permission (in
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2020/08/19 08:23:26
Modified files:
usr.sbin/relayd: relayd.c
Log message:
add unveil(2) again
this allows reading from anywhere in the filesystem (in order to read the
config file and those ones included
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2020/06/22 09:09:34
Modified files:
usr.sbin/ldpd : control.c control.h ldpe.c
Log message:
On my previous commit I made the wrong assumption that the control socket was
being unlink(2)ed from the main
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2020/05/29 01:16:50
Modified files:
usr.bin/from : from.c
Log message:
At this point getpwuid(3) was already called therefore "getpw" promise can be
dropped from pledge(2).
>From Martin Vahlensieck <
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2020/05/25 03:14:50
Modified files:
usr.bin/sndioctl: sndioctl.c
Log message:
For regular users sndioctl(1) can be restricted to pledge(2) "stdio", but since
it can also be run by root to access the raw
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2020/04/24 01:28:37
Modified files:
sys/dev/pci: if_mcx.c
Log message:
Fix typo which could lead into a double free
CID 1492713
OK deraadt@ jmatthew@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2020/03/06 08:17:05
Modified files:
usr.bin/lndir : lndir.c
Log message:
lndir(1) doesn't need write access to any files and/or folders so wpath promise
can be dropped from pledge(2)
found by
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/11/30 07:02:47
Modified files:
usr.sbin/usbdevs: usbdevs.c
Log message:
unveil(2) /dev with read permissions since it's the only directory usbdevs(8)
will read from
OK kn@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/11/30 07:02:29
Modified files:
usr.sbin/pcidump: pcidump.c
Log message:
pcidump(8) only opens devices in O_RDONLY from /dev, and additionally writes a
`romfile' if -r is used, but since I'm only
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/11/30 07:01:45
Modified files:
usr.bin/file : file.c
Log message:
After fork(2) the pledge(2) in the parent proc can be reduced to
"stdio rpath sendfd" so that it can call {l,}stat/open and sendfd
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/11/08 00:26:38
Modified files:
usr.sbin/lpd : lp.c
Log message:
fix bogus pointer/double free crash, when /etc/printcap db file is not present,
by adding a missing check for the return value -1 on
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/08/09 19:30:53
Modified files:
usr.sbin/ldpd : ldpd.c ldpe.c
Log message:
Like we did on other daemons that cannot be pledged due to forbidden ioctls the
main process can be unveiled to restrict
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/08/08 10:50:52
Modified files:
usr.sbin/snmpd : snmpe.c
Log message:
added /* no filesystem visibility */ above unveil("/", "") since "" is too easy
to misread.
as per suggestion by and OK deraadt@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/08/08 10:50:15
Modified files:
usr.sbin/ripd : ripd.c
Log message:
added /* no filesystem visibility */ above unveil("/", "") since "" is too easy
to misread.
as per suggestion by and OK deraadt@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/08/08 10:49:35
Modified files:
usr.bin/nc : netcat.c
Log message:
added /* no filesystem visibility */ above unveil("/", "") since "" is too easy
to misread.
as per suggestion by and OK deraadt@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/08/08 10:48:48
Modified files:
sbin/ifconfig : ifconfig.c
Log message:
added /* no filesystem visibility */ above unveil("/", "") since "" is too easy
to misread.
as per suggestion by and OK deraadt@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/08/08 00:59:44
Modified files:
usr.sbin/dhcpd : pfutils.c
Log message:
One missing piece when I added pledge(2) to dhcpd(8) was in the code path when
it's invoked with either -A/-C/-L, which at the
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/08/06 07:34:36
Modified files:
libexec/spamd : spamd.c
Log message:
By now we are already confident that pledge(2) "just works(tm)" and that it can
be used to effectively remove filesystem access.
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/07/29 11:26:00
Modified files:
share/man/man5 : acct.5
Log message:
Add AUNVEIL bit to the acct(5) manpage since it's already being used by both
kernel and userland.
OK deraadt@ jmc@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/07/24 12:41:05
Modified files:
libexec/spamd : spamd.8
Log message:
Ever since I introduced pledge(2) on spamd(8) the chroot'ed process, if running
in default, cannot get anywhere near the filesystem
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/07/24 02:57:00
Modified files:
usr.bin/ssh: clientloop.c
Log message:
When using a combination of a Yubikey+GnuPG+remote forwarding the gpg-agent
(and options ControlMaster+RemoteForward in
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/07/22 03:19:52
Modified files:
usr.sbin/switchd: switchd.c
Log message:
switchd(8)'s main proc needs to open the following paths, and which can be
unveiled:
/ -> read, it will open config files from
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/07/11 11:28:32
Modified files:
usr.bin/tsort : tsort.c
Log message:
Remove duplicate pledge(2) and comment from another era. While here also place
the final pledge "stdio" within main() for better
On 00:55 Thu 11 Jul , Ricardo Mestre wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: mes...@cvs.openbsd.org 2019/07/11 00:55:02
>
> Modified files:
> sbin/dhclient : dhclient.c
>
> Log message:
> The privileged process of dhclien
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/07/11 00:55:02
Modified files:
sbin/dhclient : dhclient.c
Log message:
The privileged process of dhclient(8) runs several ioctl(2)s that are forbidden
by pledge(2) and therefore we cannot add it here.
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/06/16 03:30:15
Modified files:
sbin/sysctl: sysctl.c
Log message:
Restrict filesystem access to read only _PATH_DEVDB and /dev through unveil(2),
discussed by many.
Additionally call ctime(3)
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/04/30 12:28:45
Modified files:
usr.bin/chpass : chpass.c
Log message:
add unveil(2):
chpass(1) without parameters enters in edit mode by default, in here it will
need to execute _PATH_BSHELL to spawn
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/04/30 11:05:15
Modified files:
usr.sbin/hotplugd: hotplugd.c
Log message:
Restrict filesystem access with unveil(2):
First it needs to open(2) `device' with read permissions, /dev/hotplug by
default
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/04/24 13:13:49
Modified files:
usr.sbin/relayd: relayd.c
Log message:
restrict filesystem access to read only on main process via unveil(2)
ok benno@ deraadt@
On 05:44 Thu 10 Jan , Ricardo Mestre wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: mes...@cvs.openbsd.org 2019/01/10 05:44:54
>
> Modified files:
> usr.bin/nc : netcat.c socks.c
>
> Log message:
> Revert back previous commit and stop i
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/01/10 05:44:54
Modified files:
usr.bin/nc : netcat.c socks.c
Log message:
Revert back previous commit and stop including strings.h
Use memset(3) instead of bzero(3) since POSIX recommends using
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2019/01/10 05:13:44
Modified files:
usr.sbin/unbound/smallapp: unbound-anchor.c
Log message:
change order of pledge(2) promises to the canonical form.
while here also use NULL as its second argument,
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/11/14 10:24:14
Modified files:
lib/libssl : ssl_lib.c
Log message:
Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,
instead of 'uint16_t'
Found with llvm's static
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/11/14 10:24:01
Modified files:
usr.sbin/bgpd : config.c
Log message:
Plug memory leak in host()'s error code path
OK claudio@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/11/13 00:29:07
Modified files:
usr.sbin/snmpd : snmpe.c
Log message:
Remove #if'ed 0 code around a broken pledge. Due to some ioctls and sysctls
pledge cannot be used, nevertheless since we now have
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/11/08 08:41:41
Modified files:
usr.bin/passwd : local_passwd.c
Log message:
unveil(2) obvious _PATH_LOGIN_CONF with read permission to use login_get*(3)
family commands.
Report and fix provided by
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/11/08 00:14:37
Modified files:
usr.sbin/tcpdrop: tcpdrop.c
Log message:
tcpdrop(8) needs to access only two files, in this case /etc/hosts and
/etc/resolv.conf both with read permissions for the
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/11/05 04:59:05
Modified files:
usr.sbin/snmpd : snmpd.c snmpe.c
Log message:
snmpd(8)'s main process needs to open the config file and /dev/pf both with
read permissions, but once it reaches pledge(2)
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/10/31 01:39:13
Modified files:
usr.sbin/ifstated: ifstated.c
Log message:
ifstated(8) needs to load configfile from within the main loop, but also to
reload it on SIGHUP so unveil(2) it with read
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/10/31 01:39:10
Modified files:
usr.bin/htpasswd: htpasswd.c
Log message:
htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
batch mode and 2 arguments are used we know we have
CVSROOT:/cvs
Module name:xenocara
Changes by: mes...@cvs.openbsd.org 2018/10/26 11:37:47
Modified files:
app/bdftopcf : bdftopcf.c
Log message:
Add a few \n I missed to add in some fprintf(3)s in my last commit
CVSROOT:/cvs
Module name:xenocara
Changes by: mes...@cvs.openbsd.org 2018/10/26 11:12:03
Modified files:
app/bdftopcf : bdftopcf.c
Log message:
If input_name is provided we can unveil(2) it with read permissions, if
output_name is provided we need to unveil(2) this
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/10/26 11:11:32
Modified files:
usr.bin/getconf: getconf.c
Log message:
The code path were we pass `pathname' in the arguments is already limited
with pledge(2), but since we know exactly what it is
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/10/26 11:11:33
Modified files:
usr.sbin/kvm_mkdb: kvm_mkdb.c
Log message:
If we pass `file' via args then we need to unveil(2) it with read permission,
otherwise if omitted we need to unveil(2) both
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/10/25 00:42:35
Modified files:
libexec/spamd : grey.c
Log message:
When spamd(8) runs in greylist mode in the parent process (which runs
greywatcher()) we know that the only files that it will ever
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/10/25 00:41:50
Modified files:
libexec/spamlogd: spamlogd.c
Log message:
The only file that spamlogd(8) needs to access after calling pledge(2) is
PATH_SPAMD_DB, so unveil(2) it with O_RDWR
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/10/25 00:41:38
Modified files:
usr.bin/passwd : local_passwd.c
Log message:
unveil(2) the following files for passwd(1) with their corresponding
permissions:
_PATH_MASTERPASSWD_LOCK - write/create
CVSROOT:/cvs
Module name:xenocara
Changes by: mes...@cvs.openbsd.org 2018/10/25 00:41:25
Modified files:
xserver/os : privsep.c
Log message:
xserver's priv proc is responsible for opening devices in O_RDWR mode and send
their fds over to the parent proc. Knowing
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/28 12:21:52
Modified files:
usr.bin/sdiff : sdiff.c
Log message:
Add unveil(2) to sdiff(1) to the following files:
filename1 - given via args - read permission
filename2 - same as above
tmpdir -
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/28 08:03:14
Modified files:
sbin/savecore : savecore.c
Log message:
add missing unveil(2) of an arbitrary kernel (when -N is used), or _PATH_UNIX by
default, with read permissions.
report and fix
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/28 00:48:59
Modified files:
usr.sbin/tcpdump: privsep.c
Log message:
add unveil(2) to tcpdump(8)
The following files are opened in the privsep proc, with read permissions, and
therefore need to be
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/27 00:52:15
Modified files:
usr.sbin/vipw : vipw.c
Log message:
add unveil(2) to vipw(8)
The files needed to be unveiled directly or indirectly via libutil are the
following:
-
renato@ finally contacted me in private and he also gave me his OK@
On 08:53 Wed 26 Sep , Ricardo Mestre wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: mes...@cvs.openbsd.org 2018/09/26 08:53:34
>
> Modified files:
> usr.sbin/eigrpd: eigrpd.c
>
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/26 08:54:58
Modified files:
usr.sbin/user : user.c
Log message:
Fix segfault in usermod -l by swapping one of the getpwnam(3) with
uid_from_user(3). This started happening a few days ago after the
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/26 08:53:34
Modified files:
usr.sbin/eigrpd: eigrpd.c
Log message:
Fix use-after-free by moving the free(3) of the configured interfaces to after
the eigrp instances on shutdown.
tried to contact
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/25 00:48:48
Modified files:
usr.bin/getent : getent.c
Log message:
Since each database that has the rpath promise only needs to access one
specific file (in read mode) we can add a 4th attribute to
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/25 00:43:20
Modified files:
usr.bin/getent : getent.c
Log message:
Remove initial pledge(2) that doesn't give us much protection since it's so
short lived, we either go directly exiting the program
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/19 01:47:54
Modified files:
sys/dev/usb: if_mue.c
Log message:
In mue_iff() move the initialization of the hash table up so that is done
unconditionally, like it's done on other devices, so that
On 08:14 Mon 17 Sep , Ricardo Mestre wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: mes...@cvs.openbsd.org 2018/09/17 08:14:40
>
> Modified files:
> usr.bin/audioctl: audioctl.c
>
> Log message:
> unveil(2) "path" (/dev/audi
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/18 00:36:18
Modified files:
sys/net80211 : ieee80211_node.c
Log message:
fix memory leak in ieee80211_end_scan()
OK phessler@ jsg@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/17 08:14:40
Modified files:
usr.bin/audioctl: audioctl.c
Log message:
unveil(2) "path" (/dev/audioctl0 by default, or changed via args) with rw
access and disable further calls to unveil(2) with
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/14 17:40:10
Modified files:
sys/netinet: ipsec_input.c ipsec_output.c
Log message:
Initialize the TDB to NULL in ipsec_common_input() and
ipsec_{input,output}_cb() so that in the case of sending
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/09/13 01:49:33
Modified files:
sys/kern : kern_pledge.c
Log message:
When unveil(2) was introduced one break from SYS_access case was removed
here, this adds it back. Noticed by Coverity 1471854.
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/28 06:25:53
Modified files:
usr.bin/ssh: auth2-pubkey.c
Log message:
fix misplaced parenthesis inside if-clause. it's harmless and the only issue is
showing an unknown error (since it's not
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/28 06:17:45
Modified files:
usr.bin/ssh: auth2-hostbased.c
Log message:
fix build with DEBUG_PK enabled
OK dtucker@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/25 11:09:40
Modified files:
sys/dev/usb: if_smsc.c
Log message:
fix misplaced parenthesis inside an if-clause. already fixed in FreeBSD in rev
295608.
OK jca@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/25 11:07:20
Modified files:
sys/dev/usb: if_upgt.c
Log message:
fix misplaced parenthesis inside an if-clause. already fixed in NetBSD in rev
1.13.
OK stsp@ jca@ claudio@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/24 05:31:17
Modified files:
games/canfield/cfscores: cfscores.c
Log message:
During our refactor with tedu@ tb@ and myself we moved the score file to the
user's home folder and setgid was removed.
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/24 05:14:49
Modified files:
games/bs : bs.c
games/canfield/canfield: canfield.c
games/hack : makedefs.c
games/quiz : quiz.c
games/snake: snake.c
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/23 00:27:54
Modified files:
usr.sbin/ac: ac.c
Log message:
We can safely assume that our utmp(5) file format implementation can guarantee
space for the NUL character, nevertheless there will
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/23 00:26:35
Modified files:
games/robots : main.c
Log message:
reduce pledge(2) to "stdio tty" after ncurses initialization. robots(6) uses a
scorefile nevertheless an fd is opened way in advance
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/23 00:25:01
Modified files:
games/grdc : grdc.c
Log message:
reduce pledge(2) to "stdio tty" after ncurses initialization.
OK tb@
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/20 00:24:50
Modified files:
usr.sbin/ac: ac.c
Log message:
Since we can feed localtime(3) with garbage input, or with input it cannot
interpret, we always need to check its return value, and in
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/18 09:25:20
Modified files:
usr.sbin/rdate : ntp.c rfc868time.c
Log message:
After calling getaddrinfo(3) both on rfc868 and ntp cases we can drop the "dns"
promise and only pledge("stdio inet")
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/14 00:38:33
Modified files:
usr.sbin/apm : apm.c
Log message:
Drop unnecessary pledge(2) promises on apm(8):
After we successfully connect to the unix socket created by apmd(8) all actions
occur
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/11 05:04:26
Modified files:
usr.bin/mesg : mesg.c
Log message:
actually s/unveil/pledge on err(3), I missed it on previous commit.
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/11 05:01:37
Modified files:
usr.bin/kdump : kdump.c
Log message:
the only fs access kdump(1) needs is to the tracefile which by default is
ktrace.out unless argument -f is used. We can just
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/11 05:00:34
Modified files:
usr.bin/look : look.c
Log message:
look(1) will access /usr/share/dict/words to look for the string we want, or it
may access another file instead if we mention it via
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/11 04:59:34
Modified files:
usr.bin/biff : biff.c
Log message:
Just like in mesg(1) in biff(1) we just need to push down pledge(2) a little
bit to get the tty name. After this we can unveil(2) the
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/11 04:58:39
Modified files:
usr.bin/mesg : mesg.c
Log message:
this one was my fault, when an error occurrs on mesg(1) it must exit with error
values >1 since the return value 1 is used to
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/09 11:51:22
Modified files:
games/trek : main.c
Log message:
The game is playable without the need to access any files therefore we can
effectively disable all fs access by dropping "rpath wpath
CVSROOT:/cvs
Module name:src
Changes by: mes...@cvs.openbsd.org 2018/08/08 14:15:17
Modified files:
usr.bin/ctfconv: ctfconv.c
Log message:
add unveil(2) to ctfconv(1)
Once we know what the input file is, usually /bsd.gdb, we can unveil it in read
mode. If we also
1 - 100 of 244 matches
Mail list logo