
From: Omar Polo <op@omarpolo.com>
Subject: Re: gotd session should unveil repository read-only during fetches
To: Stefan Sperling <stsp@stsp.name>
Cc: gameoftrees@openbsd.org
Date: Mon, 19 Jun 2023 19:14:28 +0200

On 2023/06/19 17:49:51 +0200, Stefan Sperling <stsp@stsp.name> wrote:
> I have vague plans to split up the "session" process further but I don't
> know when I will find time for doing this.
> 
> But as a quick fix it occurred to me that we should be using unveil to
> prevent modifications to repositories via the session process while
> serving fetches. With this change nothing in gotd has write access to
> repositories anymore while serving fetches.
> A relatively simple change for increased safety, especially when the
> server is offering public access.
> However, the /tmp directory must remain read-write because it is needed
> to generate pack files.
> 
> Tests are still passing and I have this running on got.g.o successfully.
> 
> ok?

don't see harm in doing this, on the other hand serving anonssh
fetches with unveil asserting that the repo can't be written is nice.

ok op@
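
The restriction discussed in this thread, as an added example that is not part of the original message and is not gotd's own code: a sketch of a per-session unveil(2) policy where the repository is read-only for fetches and /tmp stays writable for pack file generation. The names `struct veil`, `veil_writable`, `session_veils` and `apply_veils`, the "rwc" permission strings and the repository path are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* One unveil(2) rule: a path and the permissions granted on it. */
struct veil { const char *path; const char *perms; };

/* True if the permissions allow modifying ("w") or creating/removing ("c"). */
int veil_writable(const char *perms)
{
	return strchr(perms, 'w') != NULL || strchr(perms, 'c') != NULL;
}

/*
 * Assumed policy (hypothetical helper): the repository is "r" while serving
 * a fetch and "rwc" otherwise; /tmp stays "rwc" because pack files are
 * generated there. Returns the number of rules written.
 */
int session_veils(int is_fetch, const char *repo, struct veil rules[2])
{
	rules[0] = (struct veil){ repo, is_fetch ? "r" : "rwc" };
	rules[1] = (struct veil){ "/tmp", "rwc" };
	return 2;
}

/* Apply the rules, then lock the list. Fails closed without unveil(2). */
int apply_veils(const struct veil *rules, int n)
{
#ifdef __OpenBSD__
	for (int i = 0; i < n; i++)
		if (unveil(rules[i].path, rules[i].perms) == -1)
			return -1;
	return unveil(NULL, NULL);	/* no further unveil calls allowed */
#else
	(void)rules; (void)n;
	errno = ENOSYS;			/* no enforcement on this platform */
	return -1;
#endif
}

int main(void)
{
	struct veil v[2];
	int n = session_veils(1, "/var/git/example.git", v);	/* constructed path */
	for (int i = 0; i < n; i++)
		printf("unveil(\"%s\", \"%s\")\n", v[i].path, v[i].perms);
	if (apply_veils(v, n) == -1)
		perror("unveil");
	return 0;
}
```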