CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2015/10/19 19:44:00
Modified files:
sys/sys : pledge.h
sys/kern : kern_pledge.c uipc_syscalls.c
Log message:
Always allow the setsockopt & getsockopt system calls... however, in the
default case only allows SOL_SOCKET SO_RCVBUF which is very common in
network-facing daemons. Many of them manage this on a socket after
dropping abilities which can get them _new_ sockets.. syslogd, bgpd,
relayd, etc etc. Other sockopts still require specific pledges.
Tested by bluhm.
