fix gotwebd unveil settings

From:: Stefan Sperling <stsp@stsp.name>
Subject:: fix gotwebd unveil settings
To:: gameoftrees@openbsd.org
Date:: Mon, 13 Nov 2023 21:42:37 +0100

Download raw body.

Thread

2023-11-13 20:42 Stefan Sperling:
fix gotwebd unveil settings
- 2023-11-13 20:50 Mike Larkin:
  fix gotwebd unveil settings
- 2023-11-14 07:50 Omar Polo:
  fix gotwebd unveil settings

gotwebd has no reason to write or create new files anywhere in the
web server's chroot dir. The only directory where it needs to create
or write to files is /var/www/tmp.

ok?

diff /home/stsp/src/got
commit - b1c090542f4ecaf993fc81468338839febcb8e37
path + /home/stsp/src/got
blob - 1355425a306b5f1305bfc75b471bd657c206cbb0
file + gotwebd/gotwebd.c
--- gotwebd/gotwebd.c
+++ gotwebd/gotwebd.c
@@ -249,10 +249,10 @@ main(int argc, char **argv)
 		err(1, "gmon.out");
 #endif
 
-	if (unveil(env->httpd_chroot, "rwc") == -1)
+	if (unveil(env->httpd_chroot, "r") == -1)
 		err(1, "unveil");
 
-	if (unveil(GOT_TMPDIR_STR, "rw") == -1)
+	if (unveil(GOT_TMPDIR_STR, "rwc") == -1)
 		err(1, "unveil");
 
 	if (unveil(GOTWEBD_CONF, "r") == -1)

2023-11-13 20:42 Stefan Sperling:
fix gotwebd unveil settings
- 2023-11-13 20:50 Mike Larkin:
  fix gotwebd unveil settings
- 2023-11-14 07:50 Omar Polo:
  fix gotwebd unveil settings