"GOT", but the "O" is a cute, smiling pufferfish. Index | Thread | Search

From:
Omar Polo <op@omarpolo.com>
Subject:
Re: fix gotwebd.conf chroot option
To:
Stefan Sperling <stsp@stsp.name>
Cc:
gameoftrees@openbsd.org
Date:
Fri, 08 Dec 2023 09:17:02 +0100

Download raw body.

Thread
On 2023/12/08 09:05:17 +0100, Stefan Sperling <stsp@stsp.name> wrote:
> Repair the chroot option in gotwebd.conf. This is a regression which
> went unnoticed during the proc.c refactoring.
> 
> Granted, using a custom chroot isn't the best idea and also involves
> copying the required files, etc. But since httpd.conf has this option,
> gotwebd needs to offer it, too.
> 
> ok?

ok op@

thanks!

> (In the long term we should consider adding a test suite for gotwebd
> to catch problems like this earlier.)
> 
> -----------------------------------------------
>  repair the "chroot" option in /etc/gotwebd.conf
>  
>  This option was being ignored since the proc.c refactoring.
>  
>  Problem noticed by mlarkin@
>  
> diff 6ecb0b8c6b2aa36b6af31c856909b1ddccdb301c ba87d0b024101b70b1910b0d0035d1107d829e10
> commit - 6ecb0b8c6b2aa36b6af31c856909b1ddccdb301c
> commit + ba87d0b024101b70b1910b0d0035d1107d829e10
> blob - 388afd09354459f0e51fb97f0f90691c05674609
> blob + 449626bea5142dd28150d6b7d4f526712840e040
> --- gotwebd/gotwebd.c
> +++ gotwebd/gotwebd.c
> @@ -343,8 +343,8 @@ main(int argc, char **argv)
>  		setproctitle("sockets");
>  		log_procinit("sockets");
>  
> -		if (chroot(pw->pw_dir) == -1)
> -			fatal("chroot %s", pw->pw_dir);
> +		if (chroot(env->httpd_chroot) == -1)
> +			fatal("chroot %s", env->httpd_chroot);
>  		if (chdir("/") == -1)
>  			fatal("chdir /");
>  		if (setgroups(1, &pw->pw_gid) == -1 ||