OpenBSD: unveil logs regardless of restrict mode - catgirl - IRC client

summary refs log tree commit diff

path: root/scripts/sandman.m

diff options

author	Klemens Nanni <klemens@posteo.de>	2021-06-29 03:21:42 +0200
committer	June McEnroe <june@causal.agency>	2021-07-13 15:16:22 -0400
commit	7793ca36bb5aadee1a6f5e2708ec2ff9917aba6b (patch)
tree	f055e292c4f7215f718975b362739ed8f893e73c /scripts/sandman.m
parent	Save invited channel for /join (diff)
download	catgirl-7793ca36bb5aadee1a6f5e2708ec2ff9917aba6b.tar.gz catgirl-7793ca36bb5aadee1a6f5e2708ec2ff9917aba6b.zip

OpenBSD: unveil logs regardless of restrict mode

Simplify logic and decouple the two features such that the code gets
even more self-ducumenting.

Previously `catgirl -R -l' would never unveil and therefore "proc exec"
could execute arbitrary paths without "rpath" as is usual unveil/pledge
semantic.

Now that `catgirl -l' alone triggers unveil(2), previous "proc exec"
alone is not enough since the first unveil() hides everything else from
filesystem;  unveil all of root executable-only in order to restore
non-restrict mode's visibility.

This leaves yields distinct cases wrt. filesystem visibility
(hoisted save file functionality excluded):

1. restrict on,  log off:  no access
2. restrict on,  log on :  logdir write/create
3. restrict off, log off:  all exec-only
4. restrict off, log on :  logdir write/create, all else exec-only

In the first case `unveil("/", "")' could be used but with no benefit as
the later lack of "rpath wpath cpath", i.e. filesystem access is revoked
entirely by pledge alone already.

Practically, this does not change functionality but improves correctness
and readability.

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions

014-01-14 02:00:07 +0100'>2014-01-14filter: introduce "filter type" prefixJohn Keeping 2014-01-14filter: add interface layerJohn Keeping 2014-01-14filter: add fprintf_filter functionJohn Keeping 2014-01-14authors: specify maintainersJason A. Donenfeld 2014-01-13filters: Improved syntax-highlighting.pyStefan Tatschner 2014-01-12tests: add CGIT_TEST_OPTS variable to MakefileJohn Keeping 2014-01-12ui-repolist: HTML-escape cgit_rooturl() responseJohn Keeping 2014-01-12ui-shared: URL-escape script_nameJohn Keeping 2014-01-12ui-refs: escape HTML chars in author and tagger namesJohn Keeping 2014-01-12filter: pass extra arguments via cgit_open_filterJohn Keeping 2014-01-12ui-snapshot: set unused cgit_filter fields to zeroJohn Keeping 2014-01-12html: remove redundant htmlfd variableJohn Keeping 2014-01-12tests: add Valgrind supportJohn Keeping 2014-01-12cache: don't leave cache_slot fields uninitializedJohn Keeping 2014-01-10filter: split filter functions into their own fileJason A. Donenfeld 2014-01-10filter: make exit status localJason A. Donenfeld 2014-01-10parsing: fix header typoJason A. Donenfeld 2014-01-10cgit.c: Fix comment on bit mask hackLukas Fleischer 2014-01-10cgit.c: Use "else" for mutually exclusive branchesLukas Fleischer 2014-01-10ui-snapshot.c: Do not reinvent suffixcmp()Lukas Fleischer 2014-01-10Refactor cgit_parse_snapshots_mask()Lukas Fleischer 2014-01-10Disallow use of undocumented snapshot delimitersLukas Fleischer 2014-01-10Replace most uses of strncmp() with prefixcmp()Lukas Fleischer 2014-01-09README: Fix dependenciesLukas Fleischer 2014-01-08README: Spelling and formatting fixesLukas Fleischer 2014-01-08Fix UTF-8 with syntax-highlighting.pyPřemysl Janouch 2014-01-08Add a suggestion to the manpagePřemysl Janouch 2014-01-08Fix the example configurationPřemysl Janouch 2014-01-08Fix about-formatting.shPřemysl Janouch 2014-01-08Fix some spelling errorsPřemysl Janouch 2014-01-08filters: highlight.sh: add css comments for highlight 2.6 and 3.8Ferry Huberts