CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2015/10/16 22:31:10
Modified files:
sys/sys : pledge.h
sys/kern : kern_pledge.c
Log message:
Add pledge "id" support. This request permits setuid/seteuid/setresuid,
setgid/setegid/setresgid, setgroups, setlogin, and setpriority.
setrlimit and getpriority are also allowed (they are also in "proc")
some of these were previously permitted in "proc" but have been removed.
this seperation is intentional. "proc" is intended for reasoning about
the relationship of a process "with other processes", whereas "id" deals
the powerful/dangerous concept of unix ids. "id" will see some action
very soon.
ok gilles tedu semarie doug
