Download raw body.
fix gotwebd unveil settings
On Tue, Nov 14, 2023 at 09:08:35AM +0100, Stefan Sperling wrote: > On Tue, Nov 14, 2023 at 08:50:46AM +0100, Omar Polo wrote: > > On 2023/11/13 21:42:37 +0100, Stefan Sperling <stsp@stsp.name> wrote: > > > gotwebd has no reason to write or create new files anywhere in the > > > web server's chroot dir. The only directory where it needs to create > > > or write to files is /var/www/tmp. > > ^^^^^^^^ > > wrong, just /tmp/ > > Indeed. I forgot that we moved temp file creation outside the > chroot when gotd came around. > > > > ok? > > > > OK op@ with the unveil(GOT_TMPDIR_STR) removed (and maybe even > > unveil(GOTWEBD_CONF) since it's already parsed and we don't do > > reloading) > > Thanks! It does run with /tmp removed. Even better. > > I will keep the config file for now. Hopefully we'll add reload > functionality some day. Oops, got confused between the 2 threads and posted the wrong diff. Here is the new gotwebd.c diff again for reference. diff /home/stsp/src/got commit - b1c090542f4ecaf993fc81468338839febcb8e37 path + /home/stsp/src/got blob - 1355425a306b5f1305bfc75b471bd657c206cbb0 file + gotwebd/gotwebd.c --- gotwebd/gotwebd.c +++ gotwebd/gotwebd.c @@ -249,12 +249,9 @@ main(int argc, char **argv) err(1, "gmon.out"); #endif - if (unveil(env->httpd_chroot, "rwc") == -1) + if (unveil(env->httpd_chroot, "r") == -1) err(1, "unveil"); - if (unveil(GOT_TMPDIR_STR, "rw") == -1) - err(1, "unveil"); - if (unveil(GOTWEBD_CONF, "r") == -1) err(1, "unveil");
fix gotwebd unveil settings