 |
Fix unveil(2) usage - quark - quark web server |
 |
git clone git://git.suckless.org/quark |
 |
Log |
|
Files |
|
Refs |
|
LICENSE |
|
--- |
|
commit 5ee8c07e7e3e601fce49fbc2b170227924be3804 |
|
parent 3c7049e9063edebbd1934178f263f9f3c9b8ddf5 |
|
Author: Laslo Hunhold <[email protected]> |
|
Date: Fri, 20 Mar 2020 20:35:34 +0100 |
|
|
|
Fix unveil(2) usage |
|
|
|
Thanks to the feedback by z0lqLA! I forgot that unveil(NULL, NULL) |
|
only locks further unveil calls when there has been at least _one_ prior |
|
call to unveil! |
|
|
|
To fix this, we reorder the calls and also make sure to call unveil() |
|
before we disallow unveils via pledge. |
|
|
|
Signed-off-by: Laslo Hunhold <[email protected]> |
|
|
|
Diffstat: |
|
M main.c | 5 ++++- |
|
|
|
1 file changed, 4 insertions(+), 1 deletion(-) |
|
--- |
|
diff --git a/main.c b/main.c |
|
@@ -387,10 +387,13 @@ main(int argc, char *argv[]) |
|
exit(0); |
|
default: |
|
/* limit ourselves even further while we are waiting */ |
|
- eunveil(NULL, NULL); |
|
if (udsname) { |
|
+ eunveil(udsname, "c"); |
|
+ eunveil(NULL, NULL); |
|
epledge("stdio cpath", NULL); |
|
} else { |
|
+ eunveil("/", ""); |
|
+ eunveil(NULL, NULL); |
|
epledge("stdio", NULL); |
|
} |
|
