diff options
| author | Klemens Nanni <klemens@posteo.de> | 2021-06-06 00:20:52 +0000 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2021-06-06 10:18:52 -0400 |
| commit | 0fe004c5c499b7daf76f4ac769025b5395d41220 (patch) | |
| tree | 093826721ca372b63a09349badf92dacdd5d37dc | |
| parent | Nickname defaults to system's username not IRC username (diff) | |
| download | catgirl-0fe004c5c499b7daf76f4ac769025b5395d41220.tar.gz catgirl-0fe004c5c499b7daf76f4ac769025b5395d41220.zip | |
OpenBSD: unveil XDG directories only when needed
The (not perfectly obvious) way catgirl crafts directories gets triggered by unveilAll() even if no passed option requires filesystem access: $ env -i TERM=xterm ./catgirl -h irc.hackint.eu -R -n nobody catgirl: HOME unset Here unveil(2) is used due to the "restrict" option, but besides terminfo(5) and certificates catgirl does not need any other files, yet it tries to init the data path -- passing XDG_DATA_HOME=/var/empty makes above invocation work showing how the then successful path setup is not required. Fix this by not unveiling the unneeded data path in the first place.
| -rw-r--r-- | chat.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/chat.c b/chat.c index 23ad335..e5527ac 100644 --- a/chat.c +++ b/chat.c @@ -145,8 +145,10 @@ static void unveilData(const char *name) { } static void unveilAll(const char *trust, const char *cert, const char *priv) { - dataMkdir(""); - unveilData(""); + if (save || logEnable) { + dataMkdir(""); + unveilData(""); + } if (trust) unveilConfig(trust); if (cert) unveilConfig(cert); if (priv) unveilConfig(priv); |