op public repos

Commits

Commit:: 365cf0f34d08316d433e730a8663283029f729b3
From:: Stefan Sperling <stsp@stsp.name>
Date:: Thu Dec 29 18:10:54 2022 UTC

move "unix" pledge promise from gotd parent to auth process The listen process now communicates the client UID/GID to the parent, and the auth process verifies this on behalf of the parent. This allows us to remove the "unix" pledge promise from the parent, removing parent access to syscalls such as listen() and accept() in the AF_UNIX domain. ok tracey@ op@

diff | patch | tree

Commit:: 5e25db14db9eb20ee11b68048b45b3e0f54d50eb
From:: Stefan Sperling <stsp@stsp.name>
Date:: Thu Dec 29 15:02:18 2022 UTC

run gotd authentication in a separate child process ok op@

diff | patch | tree

Commit:: e18d071f3cc8912b9bfb6fb392689dc7394355dd
From:: Stefan Sperling <stsp@stsp.name>
Date:: Sun Nov 20 14:01:04 2022 UTC

getpwuid() returns NULL without setting errno if no user is found pointed out by millert@

diff | patch | tree

Commit:: 4cad5be9f88baeb0583b4b63a546f5815929a270
From:: Omar Polo <op@omarpolo.com>
Date:: Fri Nov 18 17:43:26 2022 UTC

zap double grp.h include spotted by Thomas

diff | patch | tree

Commit:: ddbe612c691511246aacb15046c1a202d0efcf75
From:: Stefan Sperling <stsp@stsp.name>
Date:: Thu Nov 17 10:16:20 2022 UTC

fix group membership check in gotd auth ok op@

diff | patch | tree

Commit:: 0ccf3acb6c3004ac41b46ad931024da1f4ea0e3e
From:: Stefan Sperling <stsp@stsp.name>
Date:: Wed Nov 16 17:13:00 2022 UTC

implement per-repository read/write authorization rules in gotd ok op@

diff | patch | tree