===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- www/60.html 2016/08/15 13:54:19 1.49
+++ www/60.html 2016/08/15 15:34:16 1.50
@@ -358,6 +358,27 @@
in base programs use SOCK_NONBLOCK to eliminate the need for a separate
fcntl(2).
tmpfs not enabled by default
+ the in-kernel semantics of
+ pledge(2)
+ were improved in numerous ways.
+ Highlights include:
+ a new chown promise that allows pledged programs to set
+ setugid attributes,
+ a stricter enforcement of the recvfd promise and
+ chroot(2) is no longer allowed
+ for pledged programs.
+ a number of
+ pledge(2)-related bugs
+ (missing promises, unintended changes of behavior, crashes) were fixed,
+ notably in
+ gzip(1),
+ nc(1),
+ sed(1),
+ skeyinit(1),
+ stty(1),
+ and various disk-related utilities, such as
+ disklabel(8) and
+ fdisk(8).