Download raw body.
gotd: unveil in PROFILE builds
On Mon, May 01, 2023 at 09:25:50PM +0300, Mikhail wrote: > apply_unveil_none() hides whole file system and it makes getpwuid fail > in PROFILE builds Not my day. Better patch to disable all unveils: diff /home/misha/work/got commit - c000aa350eac5ac329beb278a513e5f978d2a463 path + /home/misha/work/got blob - 23fb7de78a4d49528a35ce6f683badab359d83bc file + gotd/gotd.c --- gotd/gotd.c +++ gotd/gotd.c @@ -1644,6 +1644,7 @@ static void return NULL; } +#ifndef PROFILE static void apply_unveil_repo_readonly(const char *repo_path) { @@ -1686,6 +1687,7 @@ apply_unveil_selfexec(void) if (unveil(NULL, NULL) == -1) fatal("unveil"); } +#endif int main(int argc, char **argv) @@ -1841,12 +1843,12 @@ main(int argc, char **argv) #ifndef PROFILE if (pledge("stdio sendfd unix unveil", NULL) == -1) err(1, "pledge"); -#endif /* * Ensure that AF_UNIX bind(2) cannot be used with any other * sockets by revoking all filesystem access via unveil(2). */ apply_unveil_none(); +#endif listen_main(title, fd, gotd.connection_limits, gotd.nconnection_limits); @@ -1856,7 +1858,6 @@ main(int argc, char **argv) #ifndef PROFILE if (pledge("stdio getpw recvfd unix unveil", NULL) == -1) err(1, "pledge"); -#endif /* * We need the "unix" pledge promise for getpeername(2) only. * Ensure that AF_UNIX bind(2) cannot be used by revoking all @@ -1864,6 +1865,7 @@ main(int argc, char **argv) * files will still work since "getpw" bypasses unveil(2). */ apply_unveil_none(); +#endif auth_main(title, &gotd.repos, repo_path); /* NOTREACHED */ @@ -1877,8 +1879,8 @@ main(int argc, char **argv) if (pledge("stdio rpath wpath cpath recvfd sendfd fattr flock " "unveil", NULL) == -1) err(1, "pledge"); -#endif apply_unveil_repo_readwrite(repo_path); +#endif session_main(title, repo_path, pack_fds, temp_fds, &gotd.request_timeout); /* NOTREACHED */ @@ -1887,8 +1889,8 @@ main(int argc, char **argv) #ifndef PROFILE if (pledge("stdio rpath recvfd unveil", NULL) == -1) err(1, "pledge"); -#endif apply_unveil_repo_readonly(repo_path); +#endif repo_read_main(title, repo_path, pack_fds, temp_fds); /* NOTREACHED */ exit(0); @@ -1896,8 +1898,8 @@ main(int argc, char **argv) #ifndef PROFILE if (pledge("stdio rpath recvfd unveil", NULL) == -1) err(1, "pledge"); -#endif apply_unveil_repo_readonly(repo_path); +#endif repo = gotd_find_repo_by_path(repo_path, &gotd); if (repo == NULL) fatalx("no repository for path %s", repo_path); @@ -1914,7 +1916,9 @@ main(int argc, char **argv) if (proc_id != PROC_GOTD) fatal("invalid process id %d", proc_id); +#ifndef PROFILE apply_unveil_selfexec(); +#endif signal_set(&evsigint, SIGINT, gotd_sighdlr, NULL); signal_set(&evsigterm, SIGTERM, gotd_sighdlr, NULL);
gotd: unveil in PROFILE builds