fix gotwebd unveil settings
On 2023/11/13 21:42:37 +0100, Stefan Sperling <stsp@stsp.name> wrote:
> gotwebd has no reason to write or create new files anywhere in the
> web server's chroot dir. The only directory where it needs to create
> or write to files is /var/www/tmp.
                       ^^^^^^^^ wrong, just /tmp/

> ok?

OK op@ with the unveil(GOT_TMPDIR_STR) removed (and maybe even
unveil(GOTWEBD_CONF) since it's already parsed and we don't do reloading)

we create and send temp file before unveil() (see config_setfd() around
line 270 in config.c, called by gotwebd_configure())

> diff /home/stsp/src/got > commit - b1c090542f4ecaf993fc81468338839febcb8e37 > path + /home/stsp/src/got > blob - 1355425a306b5f1305bfc75b471bd657c206cbb0 > file + gotwebd/gotwebd.c > --- gotwebd/gotwebd.c > +++ gotwebd/gotwebd.c > @@ -249,10 +249,10 @@ main(int argc, char **argv) > err(1, "gmon.out"); > #endif > > - if (unveil(env->httpd_chroot, "rwc") == -1) > + if (unveil(env->httpd_chroot, "r") == -1) > err(1, "unveil"); > > - if (unveil(GOT_TMPDIR_STR, "rw") == -1) > + if (unveil(GOT_TMPDIR_STR, "rwc") == -1) > err(1, "unveil"); > > if (unveil(GOTWEBD_CONF, "r") == -1)
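Review bot: the second changed pair in the main() hunk widens unveil(GOT_TMPDIR_STR, ...) from "rw" to "rwc", adding create rights on the temp dir in the same change that narrows env->httpd_chroot to "r". If the temp files are created and passed on in config_setfd() before main() reaches these calls, as the reply in this thread says, the process needs no path-based access to that directory afterwards: unveil() restricts path lookups, not descriptors that are already open, so this call can be dropped rather than widened. The same reasoning applies to the unveil(GOTWEBD_CONF, "r") context line if the config is parsed once and never reloaded. A one-line comment above unveil(env->httpd_chroot, "r") stating that nothing under the chroot is written after this point would record why "r" is sufficient.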