CVSROOT: /cvs Module name: src Changes by: dera...@cvs.openbsd.org 2015/11/20 00:15:30
Modified files:
sys/kern : kern_pledge.c uipc_syscalls.c
Log message:
Exempt accept(2) from the pledge_socket() check part of the "domain"
check. You cannot open a socket in a domain unless permitted -- but
you need to be able to accept one if the code flow asks for that to
happen. The most recent check is too tight. We may need to iterate the
policy here until we hit the right vibe...
