CVSROOT: /cvs Module name: src Changes by: [email protected] 2019/06/16 03:30:15
Modified files:
sbin/sysctl : sysctl.c
Log message:
Restrict filesystem access to read only _PATH_DEVDB and /dev through unveil(2),
discussed by many.
Additionally call ctime(3) before unveil(2) in order to avoid potential $TZ
expansion and therefore avoiding opening more files that would need to be read,
idea from deraadt@.
While here sort the headers alphabetically.
OK florian@ deraadt@
