Download raw body.
gotd: unveil in PROFILE builds
On 2023/05/01 21:43:19 +0300, Mikhail <mp39590@gmail.com> wrote: > On Mon, May 01, 2023 at 09:25:50PM +0300, Mikhail wrote: > > apply_unveil_none() hides whole file system and it makes getpwuid fail > > in PROFILE builds > > Not my day. Better patch to disable all unveils: I'm not sure it's a good idea to disable unveil in gotd PROFILE builds; we usually don't do that. since the getpw pledge is only used in the auth process, what about disabling unveil() only in that process and comment why we're doing that? (admittedly only build tested) diff /home/op/w/got commit - c000aa350eac5ac329beb278a513e5f978d2a463 path + /home/op/w/got blob - 23fb7de78a4d49528a35ce6f683badab359d83bc file + gotd/gotd.c --- gotd/gotd.c +++ gotd/gotd.c @@ -1856,14 +1856,18 @@ main(int argc, char **argv) #ifndef PROFILE if (pledge("stdio getpw recvfd unix unveil", NULL) == -1) err(1, "pledge"); -#endif + /* * We need the "unix" pledge promise for getpeername(2) only. * Ensure that AF_UNIX bind(2) cannot be used by revoking all * filesystem access via unveil(2). Access to password database * files will still work since "getpw" bypasses unveil(2). + * + * Can't unveil in PROFILE because getpwuid(3) will + * fail since we lack pledge in those builds. */ apply_unveil_none(); +#endif auth_main(title, &gotd.repos, repo_path); /* NOTREACHED */
gotd: unveil in PROFILE builds