| created | 2022-07-23T19:24:36Z |
|---|---|
| begin | 2022-07-17T00:00:00Z |
| end | 2022-07-18T00:00:00Z |
| path | src/sys |
| commits | 5 |
| date | 2022-07-17T03:17:00Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/sys/pledge.h | log | diff | annotate |
| message |
the PLEDGE_YPACTIVE "hack" bit related to "getpw" pledge goes away. libc no longer does accesses /var/run/ypbind.lock to trigger extra permissions for userland-opening of files & sockets to engage with ypserver for YP/LDAP lookups. libc now uses the super secret special ypconnect() system call to perform socket-setup. Delete some other things which are no longer reached via libc/rpc ok jmatthew, miod |
|||
| date | 2022-07-17T03:17:01Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/kern/kern_pledge.c | log | diff | annotate |
| message |
the PLEDGE_YPACTIVE "hack" bit related to "getpw" pledge goes away. libc no longer does accesses /var/run/ypbind.lock to trigger extra permissions for userland-opening of files & sockets to engage with ypserver for YP/LDAP lookups. libc now uses the super secret special ypconnect() system call to perform socket-setup. Delete some other things which are no longer reached via libc/rpc ok jmatthew, miod |
|||
| date | 2022-07-17T04:29:37Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/sys/pledge.h | log | diff | annotate |
| message |
backout last step: the path checks are too strong until everyone has a new libc.. |
|||
| date | 2022-07-17T04:29:38Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/kern/kern_pledge.c | log | diff | annotate |
| message |
backout last step: the path checks are too strong until everyone has a new libc.. |
|||
| date | 2022-07-17T17:59:35Z | |||
|---|---|---|---|---|
| author | kettenis | |||
| files | src/sys/uvm/uvm_pager.c | log | diff | annotate |
| message |
Revert the changes made in rev 1.82. It is important to use pmap_enter(9) and pmap_remove(9) here since we're dealing with managed pages here. Found out the hard way by deraadt@ on landisk where we're running into issues with virtual cache aliases because multiple mappings exist for the pages we're dealing with here. The pmap_enter(9) and pmap_remove(9) functions handle conflicting cache aliases, whereas pmap_map_direct(9) and pmap_kenter_pa(9) assume that the pages is exclusively mapped in the kernel pmap. ok deraadt@ |
|||