 |
TLS + disabling the execution of CGI didn't work under OpenBSD. - geomyidae - A… |
 |
git clone git://bitreich.org/geomyidae/ git://enlrupgkhuxnvlhsf6lc3fziv5h2hhfri… |
 |
Log |
|
Files |
|
Refs |
|
Tags |
|
README |
|
LICENSE |
|
--- |
|
commit e35d04d03d5c4c8ddc88e73c5c3f092e3d309a40 |
|
parent 72253bb02d112a5287ce7b72af7e599da5436236 |
|
Author: Julian Schweinsberg <[email protected]> |
|
Date: Mon, 21 Aug 2023 08:51:36 +0000 |
|
|
|
TLS + disabling the execution of CGI didn't work under OpenBSD. |
|
|
|
For fork() the pledge "proc" is needed, this wasn't pledge if nocgi was |
|
set. |
|
|
|
Signed-off-by: Christoph Lohmann <[email protected]> |
|
|
|
Diffstat: |
|
M main.c | 7 ++++--- |
|
|
|
1 file changed, 4 insertions(+), 3 deletions(-) |
|
--- |
|
diff --git a/main.c b/main.c |
|
@@ -963,9 +963,10 @@ main(int argc, char *argv[]) |
|
|
|
#ifdef __OpenBSD__ |
|
snprintf(promises, sizeof(promises), |
|
- "rpath inet stdio %s %s", |
|
- nocgi ? "" : "proc exec", |
|
- revlookup ? "dns" : ""); |
|
+ "rpath inet stdio %s %s %s", |
|
+ !nocgi || dotls ? "proc" : "", |
|
+ nocgi ? "" : "exec", |
|
+ revlookup ? "dns" : ""); |
|
if (pledge(promises, NULL) == -1) { |
|
perror("pledge"); |
|
exit(1); |
