Commits


enforce a per-uid connection limit in the gotd listen process
For now the limit is set at compile-time. It will become configurable via gotd.conf soon.
ok op@


gotd listen process forgot to initialize its client table siphash key


move "unix" pledge promise from gotd parent to auth process
The listen process now communicates the client UID/GID to the parent, and the auth process verifies this on behalf of the parent. This allows us to remove the "unix" pledge promise from the parent, removing parent access to syscalls such as listen() and accept() in the AF_UNIX domain.
ok tracey@ op@


add a gotd "listen" process which watches the unix socket
ok op@