summary refs log tree commit diff
path: root/home/.inputrc
diff options
context:
space:
mode:
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-02-22 08:49:41 +0000


 


-highlight'>

2021-07-13Reword and clarify parts of the manualJune McEnroe

Mostly related to the utilities options.



2021-07-13Use CS command for paramless /op and /voiceJune McEnroe

Should match the actual /cs command.



2021-07-13Condense markup for ignore/highlight formatJune McEnroe


2021-07-13Point out precedence of multiple files and flagsJune McEnroe


2021-07-13Zero out server password after sendingJune McEnroe

Also send it directly using ircSend to avoid copying it and logging
it to <debug>.



2021-07-13Make -o/printCert not load any files, pledge even earlierKlemens Nanni

No point in trying to load a self-signed server certificate which we
are about to get from the server in the first place.

No need to read client certificate/key files when all we want is the
server certificate:  in TLS the server always sends its certificate
before the client replies with any key material, i.e. catgirl sending
client data is useless.

catgirl(1) synopsis also notes how these options are irrelevant in the
-o/printCert case.

As a result, ircConfig() no longer requires any filesystem I/O in this
case, so hoist the purely network I/O related pledge() call to enforce
this -- more secure, self-documenting code!



2021-07-13Attempt to keep "security" in README accurateJune McEnroe

It's a short summary trying to cover different systems...



2021-07-13OpenBSD: merge unveil and pledge logic a bitKlemens Nanni

This reads somewhat clearer as code is grouped by features instead of
security mechanisms by simply merging identical tests/conditions.

No functional change.



2021-07-13OpenBSD: unveil logs regardless of restrict modeKlemens Nanni

Simplify logic and decouple the two features such that the code gets
even more self-ducumenting.

Previously `catgirl -R -l' would never unveil and therefore "proc exec"
could execute arbitrary paths without "rpath" as is usual unveil/pledge
semantic.

Now that `catgirl -l' alone triggers unveil(2), previous "proc exec"
alone is not enough since the first unveil() hides everything else from
filesystem;  unveil all of root executable-only in order to restore
non-restrict mode's visibility.

This leaves yields distinct cases wrt. filesystem visibility
(hoisted save file functionality excluded):

1. restrict on,  log off:  no access
2. restrict on,  log on :  logdir write/create
3. restrict off, log off:  all exec-only
4. restrict off, log on :  logdir write/create, all else exec-only

In the first case `unveil("/", "")' could be used but with no benefit as
the later lack of "rpath wpath cpath", i.e. filesystem access is revoked
entirely by pledge alone already.

Practically, this does not change functionality but improves correctness
and readability.



2021-07-02Save invited channel for /joinJune McEnroe


2021-06-28Move security to the features listJune McEnroe

The restrict option now enables real sandboxing on the two main
target systems.



2021-06-28OpenBSD: unveil the log directory specificallyJune McEnroe

The call to logOpen() will have already created the directory. Still
use dataMkdir() as a convenient way to get the created path.



2021-06-28FreeBSD: Use capsicum_helpers.hJune McEnroe


2021-06-25Set MANDIR in chrootJune McEnroe


2021-06-25FreeBSD: Limit rights on log directoryJune McEnroe


2021-06-25FreeBSD: Limit rights on save fileJune McEnroe


2021-06-25FreeBSD: Limit rights on stdio and socketJune McEnroe


2021-06-25Remove explicit tls_handshake(3) from ircConnectJune McEnroe

The first call to ircFormat, which calls tls_write(3) in turn, will
perform the handshake anyway. This way the handshake happens after
the final pledge(2) call.



2021-06-25Move setting CLOEXEC on socket to ircConnectJune McEnroe


2021-06-25FreeBSD: Enter capabilities mode if restrictedJune McEnroe


2021-06-25Keep log directory open, use mkdirat(2) and openat(2)June McEnroe


2021-06-24Encourage packagers to patch in text macrosJune McEnroe

Maybe no one will ever do it but I think it's a fun idea.



2021-06-24Stop at previous \ when expanding macrosJune McEnroe

There was no reason to ever require whitespace before the macro
name.



2021-06-21Replace SIGWINCH XXX comment with better explanationJune McEnroe


2021-06-21Register SIGWINCH handler before TLS connectKlemens Nanni

Otherwise resizing the terminal will end catgirl until a handler is
registered, e.g. while in ircConnect():

	catgirl: tls_handshake: (null)

Hoist registration right after uiInitEarly() as earliest possible point
in main() since initscr(3) sets up various signals incl. SIGWINCH, i.e.
initialise `cursesWinch' afterwards to pick up curses(3)'s handler.



2021-06-21Handle EINTR from connect(2) gracefully