mirrors/snac2
3
0
Fork 0
mirror of https://codeberg.org/grunfink/snac2.git synced 2024-11-09 11:40:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

Usage of unveil() and pledge() can be disabled from config.

Browse Source
This commit is contained in:
default 2023-01-13 14:18:23 +01:00
parent ed6a94ee14
commit 6406877af1
1 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
data.c
View File

@ -87,17 +87,24 @@ int srv_open(char *basedir, int auto_upgrade)
srv_log(error);
#ifdef __OpenBSD__
srv_debug(2, xs_fmt("Calling unveil()"));
unveil(basedir, "rwc");
unveil("/usr/sbin/sendmail", "x");
unveil("/etc/resolv.conf", "r");
unveil("/etc/hosts", "r");
unveil("/etc/ssl/openssl.cnf", "r");
unveil("/etc/ssl/cert.pem", "r");
unveil("/usr/share/zoneinfo", "r");
unveil(NULL, NULL);
srv_debug(2, xs_fmt("Calling pledge()"));
pledge("stdio rpath wpath cpath flock inet proc exec dns", NULL);
char *v = xs_dict_get(srv_config, "disable_openbsd_security");
if (v && xs_type(v) == XSTYPE_TRUE) {
srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
}
else {
srv_debug(1, xs_fmt("Calling unveil()"));
unveil(basedir, "rwc");
unveil("/usr/sbin/sendmail", "x");
unveil("/etc/resolv.conf", "r");
unveil("/etc/hosts", "r");
unveil("/etc/ssl/openssl.cnf", "r");
unveil("/etc/ssl/cert.pem", "r");
unveil("/usr/share/zoneinfo", "r");
unveil(NULL, NULL);
srv_debug(1, xs_fmt("Calling pledge()"));
pledge("stdio rpath wpath cpath flock inet proc exec dns", NULL);
}
#endif /* __OpenBSD__ */
return ret;