From: David Leadbeater Subject: pledge: man updates and dead code To: tech@openbsd.org Date: Thu, 29 Jan 2026 22:11:19 +1100 Since kern_pledge.c 1.331 get{peer,sock}name have been under stdio; make the man page reflect that. Also since 1.331 there hasn't been any use of the special sentinel -1 for pledge_socket (added in 1.116, another tweak in 1.129), so that case can be dropped. diff --git lib/libc/sys/pledge.2 lib/libc/sys/pledge.2 index 5e53073d84d..fc802654c8a 100644 --- lib/libc/sys/pledge.2 +++ lib/libc/sys/pledge.2 @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 2 2025 $ +.Dd $Mdocdate: January 29 2026 $ .Dt PLEDGE 2 .Os .Sh NAME @@ -182,6 +182,7 @@ As a result, all the expected functionalities of libc stdio work. .Xr getgroups 2 , .Xr getitimer 2 , .Xr getlogin 2 , +.Xr getpeername 2 , .Xr getpgid 2 , .Xr getpgrp 2 , .Xr getpid 2 , @@ -191,6 +192,7 @@ As a result, all the expected functionalities of libc stdio work. .Xr getrlimit 2 , .Xr getrtable 2 , .Xr getsid 2 , +.Xr getsockname 2 , .Xr getthrid 2 , .Xr gettimeofday 2 , .Xr getuid 2 , @@ -273,8 +275,6 @@ has been substantially reduced in functionality): .Xr connect 2 , .Xr accept4 2 , .Xr accept 2 , -.Xr getpeername 2 , -.Xr getsockname 2 , .Xr setsockopt 2 , .Xr getsockopt 2 .It Cm mcast @@ -328,8 +328,6 @@ domain: .Xr connect 2 , .Xr accept4 2 , .Xr accept 2 , -.Xr getpeername 2 , -.Xr getsockname 2 , .Xr setsockopt 2 , .Xr getsockopt 2 .It Cm dns diff --git sys/kern/kern_pledge.c sys/kern/kern_pledge.c index 2c6eb082787..924aff4241e 100644 --- sys/kern/kern_pledge.c +++ sys/kern/kern_pledge.c @@ -1522,8 +1522,6 @@ pledge_socket(struct proc *p, int domain, unsigned int state) } switch (domain) { - case -1: /* accept on any domain */ - return (0); case AF_INET: case AF_INET6: if (ISSET(pledge, PLEDGE_INET))