quark web server
git clone git://git.suckless.org/quark
Log | Files | Refs | LICENSE

commit 5ee8c07e7e3e601fce49fbc2b170227924be3804
parent 3c7049e9063edebbd1934178f263f9f3c9b8ddf5
Author: Laslo Hunhold <dev@frign.de>
Date:   Fri, 20 Mar 2020 20:35:34 +0100

Fix unveil(2) usage

Thanks to the feedback by z0lqLA! I forgot that unveil(NULL, NULL)
only locks further unveil calls when there has been at least _one_ prior
call to unveil!

To fix this, we reorder the calls and also make sure to call unveil()
before we disallow unveils via pledge.

Signed-off-by: Laslo Hunhold <dev@frign.de>

Mmain.c | 5++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/main.c b/main.c @@ -387,10 +387,13 @@ main(int argc, char *argv[]) exit(0); default: /* limit ourselves even further while we are waiting */ - eunveil(NULL, NULL); if (udsname) { + eunveil(udsname, "c"); + eunveil(NULL, NULL); epledge("stdio cpath", NULL); } else { + eunveil("/", ""); + eunveil(NULL, NULL); epledge("stdio", NULL); }