created | 2022-07-23T19:27:20Z |
---|---|
begin | 2022-07-18T00:00:00Z |
end | 2022-07-19T00:00:00Z |
path | src/sys |
commits | 6 |
date | 2022-07-18T03:02:05Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/kern/uipc_syscalls.c | log | diff | annotate |
message |
For opening up the bindings file in ypconnect(2), bail out early if chrooted. issue pointed out by semarie
date | 2022-07-18T04:42:37Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/kern/uipc_syscalls.c | log | diff | annotate |
message |
the domainname is under root control, but because we are producing a path inside ypconnect(), it is best if we prevent "../" problems. so reject domainnames containing '/'. discussed with jca
date | 2022-07-18T10:55:20Z | |||
---|---|---|---|---|
author | mvs | |||
files | src/sys/net/if_pppx.c | log | diff | annotate |
message | Remove locks description duplicate. No functional changes. |
date | 2022-07-18T12:48:35Z | |||
---|---|---|---|---|
author | visa | |||
files | src/sys/arch/octeon/conf/Makefile.octeon | log | diff | annotate |
message |
Compile octeon kernels with -march=mips64r2. Even though -march=octeon seems to work, avoid it for now. It is not entirely certain that the compiler will not use cnMIPS special registers accidentally in normal kernel code. Discussed with and OK miod@
date | 2022-07-18T17:45:46Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/kern/kern_pledge.c | log | diff | annotate |
src/sys/sys/pledge.h | log | diff | annotate | |
message |
Delete the YPACTIVE toggling code when "getpw" code access/open are done to /var/run/ypbind.lock. "getpw" now only allows ypconnect(2) and the minimum unveil bypasses. Still allow open/access to file for a little while, because getpwent/getgrent/etc were opening it unconditionally to hint for YPACTIVE. That code should be deleted before 7.2
date | 2022-07-18T18:02:27Z | |||
---|---|---|---|---|
author | jca | |||
files | src/sys/kern/kern_pledge.c | log | diff | annotate |
src/sys/sys/pledge.h | log | diff | annotate | |
src/sys/uvm/uvm_swap.c | log | diff | annotate | |
message |
Restrict pledge("vminfo") callers to read-only swapctl(2) operations. Those are the read-only operations allowed for non-root users: SWAP_NSWAP and SWAP_STATS. Users of pledge("vminfo") in base which also call swapctl(2) with said commands: top(1) and pstat(8). No regression spotted with top(1) and pstat(8) -s/-T. ok deraadt@ |