commit 884d718370696d5e496aff1dcc9d1e03daabd949
parent 23762aa112bdadc36faf0952eaccb5845040b090
Author: hhvn <dev@hhvn.uk>
Date: Sun, 6 Jun 2021 18:18:17 +0100
handler.c main.{c,h}: use pledge and unveil in handler.c
Diffstat:
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/handler.c b/handler.c
@@ -32,6 +32,9 @@ get_userlist(int fd) {
struct passwd *udata;
char path[1024];
+ /* rpath for access() */
+ if (pledge("stdio getpw rpath", NULL) == -1)
+ die(1, "getuserlist() pledge: %s\n", strerror(errno));
dprintf(fd, "Login\tName\n");
while ((udata = getpwent()) != NULL) {
snprintf(path, sizeof(path), "%s/%s", udata->pw_dir, planfile);
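Review bot: The pledge added at the top of get_userlist narrows the process to `stdio getpw rpath` for good, dropping `inet` and `proc`, and nothing in the hunk records that the function must run where those are never needed again. A comment such as `/* irreversible: caller must be the per-connection child */` would document that, assuming that is how it is called. `rpath` with no unveil also leaves every readable path visible to the `access()` loop, whereas get_plan in the same commit restricts its view. The die() prefix reads `getuserlist()` while the function is named `get_userlist`. The function body continues outside the hunk.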
@@ -70,6 +73,8 @@ get_plan(int fd, char *user) {
return;
}
+ if (unveil(udata->pw_dir, usecgi ? "rwxc" : "r") == -1)
+ die(1, "get_plan() unveil: %s\n", strerror(errno));
snprintf(path, sizeof(path), "%s/%s", udata->pw_dir, planfile);
if (access(path, R_OK) == -1) {
serrno = errno;
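Review bot: The `unveil()` added in get_plan is never locked, and the main.c hunk keeps the `unveil` promise for the life of the process, so code running after this point can still add paths to the view. Following the call with `if (unveil(NULL, NULL) == -1) die(1, "get_plan() unveil lock: %s\n", strerror(errno));` would freeze the list. That assumes get_plan runs in a per-connection child, which the hunk does not show; in a long-lived process each request would instead add another home directory. For the non-CGI case only the plan file is read, so building `path` first and unveiling that file with `"r"` would be narrower than the whole home directory. get_plan's body starts and ends outside the hunk.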
diff --git a/main.c b/main.c
@@ -173,7 +173,7 @@ main(int argc, char *argv[]) {
} ARGEND;
snprintf(promises, sizeof(promises),
- "stdio rpath inet getpw dns proc id %s",
+ "stdio rpath inet getpw dns proc id unveil %s",
usecgi ? "exec" : "");
if (pledge(promises, NULL) == -1)
die(1, "pledge: %s\n", promises);
diff --git a/main.h b/main.h
@@ -15,6 +15,7 @@ void handoff(int fd);
#ifndef __OpenBSD__
#define pledge(a,b) 0
+#define unveil(a,b) 0
#endif
#endif /* H_MAIN */
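Review bot: The new `unveil` stub next to `pledge` needs a comment saying that both calls compile to `0` outside OpenBSD, so handler.c runs there with no filesystem or syscall restriction while its `== -1` checks appear to succeed. Something like `/* no-op stubs: no sandboxing outside OpenBSD */` above the two defines makes that visible to anyone porting or auditing the daemon. The macros also discard their arguments, so expressions passed to them are not evaluated on those platforms.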