#
2c53affb |
| 27-Dec-2022 |
jmc <jmc@openbsd.org> |
spelling fixes; from paul tagliamonte any changes not taken noted on tech, but chiefly here i did not take the cancelation - cancellation changes;
|
#
8d83ce74 |
| 23-Mar-2022 |
millert <millert@openbsd.org> |
setclasscontext: support LOGIN_SETRTABLE too Do not clear LOGIN_SETRTABLE if it is set in flags. OK deraadt@
|
#
c51f890a |
| 20-Mar-2022 |
millert <millert@openbsd.org> |
setusercontext: only call setrtable(2) if "rtable" set explicitly. When LOGIN_SETRTABLE is set in flags, only call setrtable(2) if there is an "rtable" entry in login.conf. Previously, a default value of 0 was used if the capability was missing. That had the effect of resetting the rtable for every program that uses setusercontext(3), even if a different rtable was chosen by, e.g., "route -T exec command". OK deraadt@ matthieu@
|
#
805ea040 |
| 01-Mar-2022 |
tedu <tedu@openbsd.org> |
add rtable capability to login.conf. from Matthew Martin
|
#
e7fa9d39 |
| 26-Feb-2022 |
millert <millert@openbsd.org> |
setuserenv: a missing /etc/login.conf file is not an error. The code to handle LOGIN_SETENV (and thus LOGIN_SETALL) returned an error if /etc/login.conf could not be opened. We should simply return success from setuserenv() in this case like we do for the other flags. From Matthew Martin, OK deraadt@
|
#
d7bd1adb |
| 10-Feb-2022 |
robert <robert@openbsd.org> |
introduce support for storing capability databases in /etc/login.conf.d;
anytime a class is looked up, the /etc/login.conf.d/${class} file will be checked first for a matching class definition; this will allow us to easily add custom login classes from packages
ok millert@
|
#
68f2f568 |
| 24-Oct-2021 |
deraadt <deraadt@openbsd.org> |
use O_RDONLY instead of 0 as open() flags parameter
|
#
c0455c86 |
| 03-Jun-2021 |
deraadt <deraadt@openbsd.org> |
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few years back, so we can remove it. Since nothing in the ecosystem calls it, I am not cranking the libc major as required, surely another crank will come along soon. noticed by Dante Catalfamo ok millert
|
#
1917016a |
| 18-Oct-2019 |
tedu <tedu@openbsd.org> |
setting uid to -1 won't work with setresuid, so detect that condition and return an error instead. may prevent some unset/missing confusion. ok deraadt millert
|
#
df69c215 |
| 28-Jun-2019 |
deraadt <deraadt@openbsd.org> |
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
|
#
2f5786cf |
| 23-Mar-2019 |
millert <millert@openbsd.org> |
Remove useless secure_path(3) calls. There is no point in checking permissions of files in root-owned directories. If it even was a problem, secure_path(3) suffers from unsolvable TOCTOU issues. OK deraadt@
|
#
bf198cc6 |
| 25-Jan-2019 |
millert <millert@openbsd.org> |
I am retiring my old email address; replace it with my OpenBSD one.
|
#
511b824c |
| 10-Mar-2016 |
mmcc <mmcc@openbsd.org> |
ANSIfy function declarations, move initializations to declaration block
ok millert@
|
#
b4c66e9d |
| 28-Dec-2015 |
mmcc <mmcc@openbsd.org> |
Remove NULL-checks before free() and a few related dead assignments.
ok and valuable input from millert@
|
#
183195fb |
| 14-Sep-2015 |
tedu <tedu@openbsd.org> |
remove null check before free. from Michael McConville ok semarie
|
#
a2c005cf |
| 13-Sep-2015 |
guenther <guenther@openbsd.org> |
Wrap <login_cap.h> so that calls go direct and the symbols are all weak
|
#
3041679a |
| 01-Apr-2014 |
millert <millert@openbsd.org> |
Use setresuid() and setresgid(). OK guenther@ deraadt@
|
#
7efaef62 |
| 02-Oct-2008 |
millert <millert@openbsd.org> |
simplify and clarify login_getstyle; ok deraadt@
|
#
bb14a393 |
| 17-Sep-2007 |
moritz <moritz@openbsd.org> |
Check snprintf(3) return value for error or truncation. Mostly path construction, where truncation could be bad.
ok and input from deraadt@ millert@ ray@
|
#
1ed98fdf |
| 02-Sep-2007 |
deraadt <deraadt@openbsd.org> |
use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg
|
#
119f82cb |
| 09-Apr-2006 |
deraadt <deraadt@openbsd.org> |
a few rlim_t casts, kind of ok otto and millert
|
#
d7fc3082 |
| 04-Oct-2005 |
otto <otto@openbsd.org> |
Fix use after free(). Bug found by mpech@; ok deraadt@
|
#
272f3195 |
| 16-Sep-2004 |
deraadt <deraadt@openbsd.org> |
unused variable killed
|
#
66a8fdcf |
| 10-Aug-2004 |
millert <millert@openbsd.org> |
Only expand a tilde for strings like "~", "~/..", "~user" and "~user/". For the PATH, only expand a tilde that is at the beginning of the path name. This is similar to the behavior prior to my commit here yesterday.
|
#
1b4bf431 |
| 09-Aug-2004 |
millert <millert@openbsd.org> |
Support the "setenv" capability in login.conf ala FreeBSD. Following FreeBSD's example, a '~' in an environment variable is replaced with the user's homedir. A '$' is replaced by the user's login name. Both can be escaped with a backslash to get the literal char. OK deraadt@
|