more privdrop in -portable gotd
I do not see a reason for gotd components other than the main process
to keep running as root in -portable:
auth (reads the user database)
session_read/write (should use the same level of priv as repo_read/write)
notify (sends e-mail or http requests)
It seems the automated gotd tests are not yet enabled in -portable.
Diff works for me in simple manual testing.
I have not tested notifications but I don't see why they would break.
OK?
diff /home/stsp/src/got-portable
commit - 3cb20d616db20a105f3f1744eb680e108c9521dc
path + /home/stsp/src/got-portable
blob - 8fdfcdc277fb8e76fcf0673b8277273ff4632862
file + gotd/gotd.c
--- gotd/gotd.c
+++ gotd/gotd.c
@@ -2253,6 +2253,8 @@ main(int argc, char **argv)
*/
apply_unveil_none();
+ drop_privs(pw);
+
auth_main(title, &gotd.repos, repo_path);
/* NOTREACHED */
break;
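Review bot: The auth case has no comment explaining why running unprivileged is safe, and the new drop_privs(pw) between apply_unveil_none() and auth_main() is where it belongs. The message says auth reads the user database, so a short comment stating that these lookups need no root access would document the assumption. Since the automated gotd tests are not yet enabled in -portable, an explicit manual check that authentication still succeeds after the drop on each supported platform would be worth recording in the commit message.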
@@ -2275,6 +2277,9 @@ main(int argc, char **argv)
if (repo == NULL)
fatalx("no repository for path %s", repo_path);
}
+
+ drop_privs(pw);
+
if (proc_id == PROC_SESSION_READ)
session_read_main(title, repo_path, pack_fds, temp_fds,
&gotd.request_timeout, repo);
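Review bot: Any file the session process opens or creates after the new drop_privs(pw) will be accessed as the unprivileged user, while pack_fds and temp_fds are passed into session_read_main() as already-open descriptors. Please confirm the session code does not open further paths that the unprivileged user cannot access, for the write variant as well as the PROC_SESSION_READ branch shown here. As a style point, this hunk adds a blank line both before and after the call while the other two hunks add only the trailing one; a one-line comment saying the session processes run with the same privileges as repo_read/write would also help.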
@@ -2353,6 +2358,8 @@ main(int argc, char **argv)
*/
unveil_notification_helpers();
+ drop_privs(pw);
+
notify_main(title, &gotd.repos, default_sender);
/* NOTREACHED */
exit(0);
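Review bot: The notify path is the one the message says was not tested, and after the drop_privs(pw) placed between unveil_notification_helpers() and notify_main() the notification helpers will be started by a non-root process. Before committing, run one e-mail and one HTTP notification to confirm the helpers are executable by the unprivileged user and need nothing that only root can provide. A comment above the call noting that notify needs no root access would match the reasoning given in the message.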