src - dontfiles

	Commit message (Expand)	Author	Age
*	Simplify rfctags	June McEnroe	2021-04-11
*	Optionally compress RFCs, decompress in rfc(1)	June McEnroe	2021-03-06
*	Remove rfc.vim	June McEnroe	2021-03-06
*	Make mktemp -t compatible with OpenBSD	June McEnroe	2021-02-26
*	Don't compress RFCs, add rfc(1) command	June McEnroe	2021-01-18
*	Add 'doc/zlib/' from commit 'e1ebbcf0ed43f21dd504f1f109e5d12b6bc99460'	June McEnroe	2020-12-27
*	Match the number part of the argument to :RFC	June McEnroe	2020-12-21
*	Move rfc.vim to doc/rfc	June McEnroe	2020-12-21
*	Move rfc to doc/rfc	June McEnroe	2020-12-21
*	Update PDF URLs	June McEnroe	2020-12-21
*	Move pdf to doc/pdf	June McEnroe	2020-12-21

&id=3f3585d0f32e66ad5c8c6c713f315e14810230eb&follow=1'>Fix missing include for flock(2)June McEnroe On OpenBSD it's in <fcntl.h>, and it gets declared anyway on FreeBSD and macOS. Curiously, on GNU/Linux, LOCK_* are defined, but flock(2) isn't declared. 2021-08-09Silence maybe uninitialized warningJune McEnroe Wouldn't happen anyway since configPath will always return at least one path. 2021-07-26Use (bright) red for \com text macro 1.9June McEnroe 2021-07-20chroot: Avoid passing paths to -sJune McEnroe 2021-07-20FreeBSD: Revert caph_enter(3) call to cap_enter(2)June McEnroe caph_enter(3) is the same as cap_enter(2) except that it returns success even if the kernel does not support capability mode. Since we only enter capability mode when explicitly requested by the restrict option, it should fail loudly if it is not supported. On the other hand, we make calls to caph_rights_limit(3) and friends in some places regardless of whether we actually enter capability mode (to keep the code simple), so those should continue to succeed even if capability mode is not supported. 2021-07-20Don't apply uiThreshold to Network and DebugJune McEnroe Messages don't really need to be hidden from <network> and I think it could be confusing. Debug messages are all Cold so everything would be hidden, and I want to keep them that way so that <debug> doesn't clutter the status line needlessly. 2021-07-20Add -q/quiet option to raise default message visibility thresholdKlemens Nanni Silencing all windows with `M-+' (across multiple catgirl instances) can be cumbersome, so provide an option to hide events, JOIN/PART noise, etc. by default (each window's threshold will persist across load/save cycles, i.e. when using the `-s/save' option). Started out as `-v | visibility = threshold' to set a specific level, the idea of a simpler toggle comes from june, who also squashed other bugs (as usual). 2021-07-15chat.tmux.conf: Fix base-index settingKlemens Nanni "base-index" expects integer values, tmux prints a warning at load-time but otherwise ignores the configuration line. 2021-07-15Use /ns in manual exampleKlemens Nanni Follow a79a3fc "Use NS and CS server aliases". 2021-07-13Move platform-dependent sandboxing code out of mainJune McEnroe To keep the "main" sequence of events on one screen, while emphasizing that sandboxing happens either side of ircConnect(). 2021-07-13Move all UI initialization togetherJune McEnroe 2021-07-13Perform TLS handshake after final pledgeKlemens Nanni ircConnect() yields a connected TCP socket after which "inet dns" is no longer needed. Possibly having loaded private key material, it seems a tad more comforting to speak TLS *after* dropping any network capabilities (except for socket read/write to the IRC host, of course). Instead of moving the final pledge into irc.c:ircConnect() and thus complicating the code around pledge across two C modules, simply stub out an mnemonic ircHandshake() and call that explicitly. This restores behaviour gained with 981ebc4 "Remove explicit tls_handshake(3) from ircConnect" which was reverted for other reasons. 2021-07-13Explicitly clear TLS secrets afer handshakeKlemens Nanni No need to keep them at runtime; do so unconditionally for the sake of simplicity. Declare TLS config globally so ircConnect() can clear it and declare both client and config statically as they are not used outside the irc.c module. 2021-07-13Revert "Remove explicit tls_handshake(3) from ircConnect"Klemens Nanni This reverts commit 981ebc4f12b88fbf52ed0352428a0612dd2c2568. This broke `-o' to print the server certificate; without explicit handshake there will be no tls_read(3) in this short code path. 2021-07-13FreeBSD: Avoid caph_stream_rights(3)June McEnroe caph_stream_rights(3) doesn't exist before FreeBSD 13.0 and there's no good reason to create that dependency. I still run servers on FreeBSD 12. This is a partial revert of cbc9545cb3f76733030c867f32ddb6a922cd2907. 2021-07-13Disable /exec in Kiosk mode (as documented)Klemens Nanni 2021-07-13/whois takes an optional nick argumentKlemens Nanni 2021-07-13Reword and clarify parts of the manualJune McEnroe Mostly related to the utilities options. 2021-07-13Use CS command for paramless /op and /voiceJune McEnroe Should match the actual /cs command. 2021-07-13Condense markup for ignore/highlight formatJune McEnroe 2021-07-13Point out precedence of multiple files and flagsJune McEnroe 2021-07-13Zero out server password after sendingJune McEnroe Also send it directly using ircSend to avoid copying it and logging it to <debug>. 2021-07-13Make -o/printCert not load any files, pledge even earlierKlemens Nanni No point in trying to load a self-signed server certificate which we are about to get from the server in the first place. No need to read client certificate/key files when all we want is the server certificate: in TLS the server always sends its certificate before the client replies with any key material, i.e. catgirl sending client data is useless. catgirl(1) synopsis also notes how these options are irrelevant in the -o/printCert case. As a result, ircConfig() no longer requires any filesystem I/O in this case, so hoist the purely network I/O related pledge() call to enforce this -- more secure, self-documenting code! 2021-07-13Attempt to keep "security" in README accurateJune McEnroe It's a short summary trying to cover different systems... 2021-07-13OpenBSD: merge unveil and pledge logic a bitKlemens Nanni This reads somewhat clearer as code is grouped by features instead of security mechanisms by simply merging identical tests/conditions. No functional change. 2021-07-13OpenBSD: unveil logs regardless of restrict modeKlemens Nanni Simplify logic and decouple the two features such that the code gets even more self-ducumenting. Previously `catgirl -R -l' would never unveil and therefore "proc exec" could execute arbitrary paths without "rpath" as is usual unveil/pledge semantic. Now that `catgirl -l' alone triggers unveil(2), previous "proc exec" alone is not enough since the first unveil() hides everything else from filesystem; unveil all of root executable-only in order to restore non-restrict mode's visibility. This leaves yields distinct cases wrt. filesystem visibility (hoisted save file functionality excluded): 1. restrict on, log off: no access 2. restrict on, log on : logdir write/create 3. restrict off, log off: all exec-only 4. restrict off, log on : logdir write/create, all else exec-only In the first case `unveil("/", "")' could be used but with no benefit as the later lack of "rpath wpath cpath", i.e. filesystem access is revoked entirely by pledge alone already. Practically, this does not change functionality but improves correctness and readability. 2021-07-02Save invited channel for /joinJune McEnroe 2021-06-28Move security to the features listJune McEnroe The restrict option now enables real sandboxing on the two main target systems. 2021-06-28OpenBSD: unveil the log directory specificallyJune McEnroe The call to logOpen() will have already created the directory. Still use dataMkdir() as a convenient way to get the created path. 2021-06-28FreeBSD: Use capsicum_helpers.hJune McEnroe 2021-06-25Set MANDIR in chrootJune McEnroe 2021-06-25FreeBSD: Limit rights on log directoryJune McEnroe 2021-06-25FreeBSD: Limit rights on save fileJune McEnroe 2021-06-25FreeBSD: Limit rights on stdio and socketJune McEnroe 2021-06-25Remove explicit tls_handshake(3) from ircConnectJune McEnroe The first call to ircFormat, which calls tls_write(3) in turn, will perform the handshake anyway. This way the handshake happens after the final pledge(2) call. 2021-06-25Move setting CLOEXEC on socket to ircConnectJune McEnroe 2021-06-25FreeBSD: Enter capabilities mode if restrictedJune McEnroe 2021-06-25Keep log directory open, use mkdirat(2) and openat(2)June McEnroe 2021-06-24Encourage packagers to patch in text macrosJune McEnroe Maybe no one will ever do it but I think it's a fun idea. 2021-06-24Stop at previous \ when expanding macrosJune McEnroe There was no reason to ever require whitespace before the macro name. 2021-06-21Replace SIGWINCH XXX comment with better explanationJune McEnroe 2021-06-21Register SIGWINCH handler before TLS connectKlemens Nanni Otherwise resizing the terminal will end catgirl until a handler is registered, e.g. while in ircConnect(): catgirl: tls_handshake: (null) Hoist registration right after uiInitEarly() as earliest possible point in main() since initscr(3) sets up various signals incl. SIGWINCH, i.e. initialise `cursesWinch' afterwards to pick up curses(3)'s handler. 2021-06-21Handle EINTR from connect(2) gracefullyKlemens Nanni Resizing the window early on may return early due to SIGWINCH. Continue asynchronously in that case instead of exiting. 2021-06-21Use NS and CS server aliasesJune McEnroe I think I didn't use these originally because they were misconfigured on tilde.chat, but they work now, and supposedly server aliases should be more secure/reliable. 2021-06-21Open log files with CLOEXECJune McEnroe 2021-06-21Open save file with CLOEXECJune McEnroe Otherwise a lingering process from /copy for example could hold the lock. 2021-06-20Use "secure" libtls ciphersKlemens Nanni d3e90b6 'Use libtls "compat" ciphers' from 2018 fell back to "compat" ciphers to support irc.mozilla.org which now yields NXDOMAIN. All modern networks (should) support secure ciphers, so drop the hopefully unneeded list of less secure ciphers by avoiding tls_config_set_ciphers(3) and therefore sticking to the "secure" aka. "default" set of ciphers in libtls. A quick check shows that almost all of the big/known IRC networks support TLS1.3 already; those who do not at least comply with SSL_CTX_set_cipher_list(3)'s "HIGH" set as can be tested like this: echo \ irc.hackint.org \ irc.tilde.chat \ irc.libera.chat \ irc.efnet.nl \ irc.oftc.net | xargs -tn1 \ openssl s_client -quiet -cipher HIGH -no_ign_eof -port 6697 -host