- From:
- Tracey Emery <tracey@traceyemery.net>
- Subject:
- move gotweb pledge scope
- To:
- gameoftrees@openbsd.org
- Date:
- Thu, 16 Jan 2020 03:20:15 -0700
Download raw body.
Thread
move gotweb pledge scope
Download raw body.
move gotweb pledge scope
Hello,
The following diff moves pledge from a single function call to each
individual gotweb function. This allows for tighter control over
selected promises.
Ok?
--
Tracey Emery
diff c08369d7b2d435a4c881c980f9a7192c5f7fc61a /home/basepr1me/Documents/got/got/got
blob - 969f659b425731a10dc96ef765903958e180d926
file + gotweb/TODO
--- gotweb/TODO
+++ gotweb/TODO
@@ -11,5 +11,3 @@ TODO
- Redo index header, so columns are removed when content is set to not display
in gotweb.conf.
-
-- Move pledge to each function. Only diffing needs wpath and cpath.
blob - daa235b3c518c0e7524fc9f89e2d9c4b7942cf30
file + gotweb/gotweb.c
--- gotweb/gotweb.c
+++ gotweb/gotweb.c
@@ -267,6 +267,12 @@ gw_blame(struct gw_trans *gw_trans)
char *log, *log_html;
+ if (pledge("stdio rpath wpath cpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_dir->path, NULL);
if (error)
return error;
@@ -289,6 +295,12 @@ gw_commit(struct gw_trans *gw_trans)
const struct got_error *error = NULL;
char *log, *log_html;
+ if (pledge("stdio rpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_dir->path, NULL);
if (error)
return error;
@@ -311,6 +323,12 @@ gw_commitdiff(struct gw_trans *gw_trans)
const struct got_error *error = NULL;
char *log, *log_html;
+ if (pledge("stdio rpath wpath cpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_dir->path, NULL);
if (error)
return error;
@@ -335,6 +353,12 @@ gw_index(struct gw_trans *gw_trans)
char *html, *navs, *next, *prev;
unsigned int prev_disp = 0, next_disp = 1, dir_c = 0;
+ if (pledge("stdio rpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_conf->got_repos_path, NULL);
if (error)
return error;
@@ -425,6 +449,12 @@ gw_log(struct gw_trans *gw_trans)
const struct got_error *error = NULL;
char *log, *log_html;
+ if (pledge("stdio rpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_dir->path, NULL);
if (error)
return error;
@@ -456,6 +486,12 @@ gw_logbriefs(struct gw_trans *gw_trans)
const struct got_error *error = NULL;
char *log, *log_html;
+ if (pledge("stdio rpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_dir->path, NULL);
if (error)
return error;
@@ -482,6 +518,12 @@ gw_summary(struct gw_trans *gw_trans)
*cloneurl_html, *log, *log_html, *tags, *heads, *tags_html,
*heads_html, *age;
+ if (pledge("stdio rpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_dir->path, NULL);
if (error)
return error;
@@ -576,6 +618,12 @@ gw_tag(struct gw_trans *gw_trans)
const struct got_error *error = NULL;
char *log, *log_html;
+ if (pledge("stdio rpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_dir->path, NULL);
if (error)
return error;
@@ -598,6 +646,12 @@ gw_tree(struct gw_trans *gw_trans)
const struct got_error *error = NULL;
char *log, *log_html;
+ if (pledge("stdio rpath proc exec sendfd unveil",
+ NULL) == -1) {
+ error = got_error_from_errno("pledge");
+ return error;
+ }
+
error = gw_apply_unveil(gw_trans->gw_dir->path, NULL);
if (error)
return error;
@@ -2651,12 +2705,6 @@ main(int argc, char *argv[])
malloc(sizeof(struct gotweb_conf))) == NULL) {
gw_malloc = 0;
error = got_error_from_errno("malloc");
- goto err;
- }
-
- if (pledge("stdio rpath wpath cpath proc exec sendfd unveil",
- NULL) == -1) {
- error = got_error_from_errno("pledge");
goto err;
}
move gotweb pledge scope