OpenBSD: unveil XDG directories only when needed
The (not perfectly obvious) way catgirl crafts directories gets triggered by unveilAll() even if no passed option requires filesystem access:

    $ env -i TERM=xterm ./catgirl -h irc.hackint.eu -R -n nobody
    catgirl: HOME unset

Here unveil(2) is used due to the "restrict" option, but besides terminfo(5) and certificates catgirl does not need any other files, yet it tries to init the data path -- passing XDG_DATA_HOME=/var/empty makes the above invocation work, showing that the then-successful path setup is not required.

Fix this by not unveiling the unneeded data path in the first place.
parent
1c7a755e67
commit
0fe004c5c4
6
chat.c
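--- a/chat.c
+++ b/chat.c
@@ -145,8 +145,10 @@ static void unveilData(const char *name) {
 }
 
 static void unveilAll(const char *trust, const char *cert, const char *priv) {
-dataMkdir("");
-unveilData("");
+if (save || logEnable) {
+dataMkdir("");
+unveilData("");
+}
 if (trust) unveilConfig(trust);
 if (cert) unveilConfig(cert);
 if (priv) unveilConfig(priv);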
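Review bot: The new `if (save || logEnable)` guard in unveilAll() carries an undocumented assumption that saving and logging are the only features that touch the data directory; this is inferred from the two names, since their definitions are outside the hunk. Once the unveil list is locked, a path that was never unveiled fails like a missing file, so a later feature that uses the data directory without extending this condition would break only in restricted mode and with a misleading error. A comment above the guard would make the invariant explicit, for example `// Only saving and logging use the data directory; extend this condition when another feature does.` The same condition presumably has to stay in step with whatever filesystem promises are pledged elsewhere, which this page does not show. The body of unveilAll() continues past the end of the hunk.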