| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
I used "git grep -FIn http://" to find all occurrences, and looked at
each one. If an occurrence was really just a link, and if a https
version exists, and if our Browser can access it at least as well as the
http version, then I changed the occurrence to https.
I'm happy to report that I didn't run into a single site where Browser
can't deal with the https version.
|
|
|
|
|
|
Update the mitigations documentation with the lateest mitigation.
|
|
|
|
|
|
This option was removed and can't be used anymore.
|
|
These interfaces are broken for about 9 months, maybe longer than that.
At this point, this is just a dead code nobody tests or tries to use, so
let's remove it instead of keeping a stale code just for the sake of
keeping it and hoping someone will fix it.
To better justify this, I read that OpenBSD removed loadable kernel
modules in 5.7 release (2014), mainly for the same reason we do -
nobody used it so they had no good reason to maintain it.
Still, OpenBSD had LKMs being effectively working, which is not the
current state in our project for a long time.
An arguably better approach to minimize the Kernel image size is to
allow dropping drivers and features while compiling a new image.
|
|
A quick grep revealed these stats (counting only the first occurrence
per line):
`thing`(1): 154
`thing(1)`: 9
thing(1): 4
This commit converts all occurrences to the `thing`(1) format.
|
|
|
|
|
|
|
|
The new asctl (audio server control) utility expands on avol with a
completely new command line interface (documented in the man page) that
supports retrieving and setting all exposed audio server settings, like
volume and sample rate. This is currently the only user-facing way of
changing the sample rate.
|
|
We are not using this for anything and it's just been sitting there
gathering dust for well over a year, so let's stop carrying all this
complexity around for no good reason.
|
|
|
|
Update the man page to describe more mitigations that we have applied.
|
|
This is primarily used to give an example configuration file.
|
|
|
|
|
|
Add an implementation of 'comm' -- compare files line by line
|
|
On macOS with a Finnish keyboard layout, $ is typed with Option+4. While
writing this manpage, I made the mistake of holding Option down a little
too long, as I often do, resulting in the keystroke Option+space. This,
instead of typing a space, types U+00A0 (non-breaking space), which
looks identical on my host terminal. Luckily the Serenity terminal
called me out on it, printing out a question mark instead.
|
|
List subdirectories encountered using -R or --recursive flags with ls.
|
|
|
|
|
|
(#8006)
|
|
|
|
Since this program is setuid-root, it should be as simple as possible.
To that end, remove `/etc/plsusers` and use filesystem permissions to
achieve the same thing. `/bin/pls` is now only executable by `root` or
members of the `wheel` group.
Also remove all the logic that went to great lengths to `unveil()` a
minimal set of filesystem paths that may be used for the command.
The complexity-to-benefit ratio did not seem justified, and I think
we're better off keeping this simple.
Finally, remove pledge promises the moment they are no longer needed.
|
|
As per comment found in #6319 by @bcoles, `pls` should check the
permissions and owner of the sudoers file to ensure that it hasn't
been compromised.
|
|
|
|
Also add `stty` to that list by default.
|
|
|
|
|
|
The old name was a bit too ambiguous. This one is crystal clear. :^)
|
|
...and set it to 10 seconds by default.
|
|
|
|
This not being recognised is surprising.
|
|
This will be replaced with the unicode character whose codepoint is
given by the unsigned 32-bit number 'hhhhhhhh' (hex).
|
|
|
|
This documents the feature in c2872766f2322aa38490160b571059f05e7dcb2d
|
|
|
|
|
|
|
|
|
|
- Fix some typos and formatting.
- Add links to Mitigations from unveil / pledge.
|
|
|
|
|
|
|
