diff options
| author | Klemens Nanni <klemens@posteo.de> | 2021-06-29 03:21:42 +0200 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2021-07-04 08:54:19 -0400 |
| commit | 4c9114fba528dfd96bdb8d350932181e38524136 (patch) | |
| tree | 132a09a9588a5edcb35b8a7ccbbc1ae21c7c0dc1 /scripts/sandman.1 | |
| parent | Explicitly tls_handshake(3) in ircPrintCert (diff) | |
| download | catgirl-4c9114fba528dfd96bdb8d350932181e38524136.tar.gz catgirl-4c9114fba528dfd96bdb8d350932181e38524136.zip | |
OpenBSD: unveil logs regardless of restrict mode
Simplify logic and decouple the two features such that the code gets
even more self-ducumenting.
Previously `catgirl -R -l' would never unveil and therefore "proc exec"
could execute arbitrary paths without "rpath" as is usual unveil/pledge
semantic.
Now that `catgirl -l' alone triggers unveil(2), previous "proc exec"
alone is not enough since the first unveil() hides everything else from
filesystem; unveil all of root executable-only in order to restore
non-restrict mode's visibility.
This leaves yields distinct cases wrt. filesystem visibility
(hoisted save file functionality excluded):
1. restrict on, log off: no access
2. restrict on, log on : logdir write/create
3. restrict off, log off: all exec-only
4. restrict off, log on : logdir write/create, all else exec-only
In the first case `unveil("/", "")' could be used but with no benefit as
the later lack of "rpath wpath cpath", i.e. filesystem access is revoked
entirely by pledge alone already.
Practically, this does not change functionality but improves correctness
and readability.
Diffstat (limited to 'scripts/sandman.1')
0 files changed, 0 insertions, 0 deletions