CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2025/08/08 18:29:29
Modified files:
sys/kern : kern_pledge.c
Log message:
Permit setsockopt/getsockopt IPPROTO_IP/IP_TOS and IPPROTO_IPV6/IPV6_TCLASS
in pledge "stdio". Previously these were restricted to "inet", which is
a bit rich for a program which only needs to do this (very minor) operation
and is specifically trying to avoid giving itself socket-creation abilities.
This allows upcoming work in a sshd privsep process which uses other pledge
options, it now will not require "inet". I cannot think of any way in which
setting TOS creates a hazard.
ok djm beck
