CVSROOT: /cvs Module name: src Changes by: [email protected] 2025/11/13 13:46:39
Modified files:
usr.sbin/tcpdump: privsep.c privsep_pcap.c
Log message:
Found a program which is sensitive to root-bypassing-BIOCLOCK, and
dissapointingly it is tcpdump. The privsep was setting the lock in
one process, before handing it to the root process which would set
the filters. Fix that, and introduce a big comment which explains
how pledge is a piece of the safety model.
discussed with florian, ok benno
