From 4c9114fba528dfd96bdb8d350932181e38524136 Mon Sep 17 00:00:00 2001
From: Klemens Nanni <klemens@posteo.de>
Date: Tue, 29 Jun 2021 03:21:42 +0200
Subject: OpenBSD: unveil logs regardless of restrict mode

Simplify logic and decouple the two features such that the code gets
even more self-ducumenting.

Previously `catgirl -R -l' would never unveil and therefore "proc exec"
could execute arbitrary paths without "rpath" as is usual unveil/pledge
semantic.

Now that `catgirl -l' alone triggers unveil(2), previous "proc exec"
alone is not enough since the first unveil() hides everything else from
filesystem;  unveil all of root executable-only in order to restore
non-restrict mode's visibility.

This leaves yields distinct cases wrt. filesystem visibility
(hoisted save file functionality excluded):

1. restrict on,  log off:  no access
2. restrict on,  log on :  logdir write/create
3. restrict off, log off:  all exec-only
4. restrict off, log on :  logdir write/create, all else exec-only

In the first case `unveil("/", "")' could be used but with no benefit as
the later lack of "rpath wpath cpath", i.e. filesystem access is revoked
entirely by pledge alone already.

Practically, this does not change functionality but improves correctness
and readability.
---
 chat.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'chat.c')

diff --git a/chat.c b/chat.c
index 9934fc3..0bdb69c 100644
--- a/chat.c
+++ b/chat.c
@@ -282,12 +282,17 @@ int main(int argc, char *argv[]) {
 	}
 
 #ifdef __OpenBSD__
-	if (self.restricted && log) {
+	if (log) {
 		const char *logdir = dataMkdir("log");
 		int error = unveil(logdir, "wc");
 		if (error) err(EX_OSERR, "unveil");
 	}
 
+	if (!self.restricted) {
+		int error = unveil("/", "x");
+		if (error) err(EX_OSERR, "unveil");
+	}
+
 	char promises[64] = "stdio tty";
 	char *ptr = &promises[strlen(promises)], *end = &promises[sizeof(promises)];
 	if (log) ptr = seprintf(ptr, end, " wpath cpath");
-- 
cgit 1.4.1

type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/src/log/?id=1992ac426b5b81811296288cbd9aa263b87c548e&amp;showmsg=1&amp;follow=1'>root</a>/<a href='/src/log/doc?id=1992ac426b5b81811296288cbd9aa263b87c548e&amp;showmsg=1&amp;follow=1'>doc</a>/<a href='/src/log/doc/zlib?id=1992ac426b5b81811296288cbd9aa263b87c548e&amp;showmsg=1&amp;follow=1'>zlib</a>/<a href='/src/log/doc/zlib/gzread.3?id=1992ac426b5b81811296288cbd9aa263b87c548e&amp;showmsg=1&amp;follow=1'>gzread.3</a> (<a href='/src/log/doc/zlib/gzread.3?id=1992ac426b5b81811296288cbd9aa263b87c548e&amp;showmsg=1'>unfollow</a>)</div><div class='content'><table class='list nowrap'><tr class='nohover'><th></th><th class='left'>Commit message (<a href='/src/log/doc/zlib/gzread.3?id=1992ac426b5b81811296288cbd9aa263b87c548e&amp;follow=1'>Collapse</a>)</th><th class='left'>Author</th></tr>
<tr class='logheader'><td><span title='2022-03-14 20:31:24 -0400'>2022-03-14</span></td><td class='logsubject'><a href='/src/commit/bin/git-comment.pl?id=54e5bef580ed20f9e766f1d3223970a18239012b&amp;follow=1'>Use /usr/local/share/perl5 in git-comment</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2022-03-14 18:04:34 -0400'>2022-03-14</span></td><td class='logsubject'><a href='/src/commit/etc/Dark.terminal?id=8bb3b262a293e69bf55a268b2d8e92d3c613df39&amp;follow=1'>Bump Terminal.app font size to 13</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2022-03-06 01:24:14 -0500'>2022-03-06</span></td><td class='logsubject'><a href='/src/commit/www/text.causal.agency/034-voices.7?id=bc7a28011dda915b96478402ed48f4b62303109e&amp;follow=1'>Remove note about having more to say</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Really this post says something that I wanted to say and that is
enough.


</td></tr>
<tr class='logheader'><td><span title='2022-03-06 01:13:54 -0500'>2022-03-06</span></td><td class='logsubject'><a href='/src/commit/www/text.causal.agency/Makefile?id=85cd880a9850cf43eb72d1c9a8dc31f840b6ebf7&amp;follow=1'>Publish "Voices"</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
Is this a post? I guess it is now.


</td></tr>
<tr class='logheader'><td><span title='2022-02-22 09:35:27 -0500'>2022-02-22</span></td><td class='logsubject'><a href='/src/commit/TOUR.7?id=c346e7d880d035fc9d19fb4adca13a2b51bb8a7d&amp;follow=1'>Remove cgit from TOUR</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2022-02-14 22:44:50 -0500'>2022-02-14</span></td><td class='logsubject'><a href='/src/commit/www/git.causal.agency/cgit/ui-tree.h?id=87e72f9f7f22f082346013e4fdd02cb2b622ab23&amp;follow=1'>Remove cgit</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
My fork of cgit is now &lt;https://git.causal.agency/cgit-pink/&gt;.


</td></tr>
<tr class='logheader'><td><span title='2022-02-14 00:14:26 +0000'>2022-02-14</span></td><td class='logsubject'><a href='/src/commit/www/git.causal.agency/filter.c?id=e9214c2c480316522cc20f89cd3a5925c77a0fca&amp;follow=1'>Narrow filter</a></td><td>June McEnroe</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2022-02-10 18:09:07 -0500'>2022-02-10</span></td><td class='logsubject'><a href='/src/commit/txt/diminishing-shine.txt?id=3a449b8f8af7bcc9f04132740e38161997e47275&amp;follow=1'>Correct diminishing shine, I think</a></td><td>June McEnroe