commit 5ee8c07e7e3e601fce49fbc2b170227924be3804
parent 3c7049e9063edebbd1934178f263f9f3c9b8ddf5
Author: Laslo Hunhold <dev@frign.de>
Date: Fri, 20 Mar 2020 20:35:34 +0100
Fix unveil(2) usage
Thanks to the feedback by z0lqLA! I forgot that unveil(NULL, NULL)
only locks further unveil calls when there has been at least _one_ prior
call to unveil!
To fix this, we reorder the calls and also make sure to call unveil()
before we disallow unveils via pledge.
Signed-off-by: Laslo Hunhold <dev@frign.de>
Diffstat:
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/main.c b/main.c
@@ -387,10 +387,13 @@ main(int argc, char *argv[])
exit(0);
default:
/* limit ourselves even further while we are waiting */
- eunveil(NULL, NULL);
if (udsname) {
+ eunveil(udsname, "c");
+ eunveil(NULL, NULL);
epledge("stdio cpath", NULL);
} else {
+ eunveil("/", "");
+ eunveil(NULL, NULL);
epledge("stdio", NULL);
}
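Review bot: The comment above the `if (udsname)` block still reads only "limit ourselves even further while we are waiting", so the ordering constraint this commit fixes is not recorded in the code and could easily be undone by a later cleanup. I would extend it to something like `/* unveil(NULL, NULL) only locks after at least one prior unveil(), and it must precede the pledge() that drops further unveils: unveil a path, lock, then pledge */`. In the else branch, `eunveil("/", "")` is worth a short remark of its own, `/* no permissions on "/": hide the whole filesystem */`, because an empty permission string looks like a mistake at first glance. The hunk does not show whether `udsname` still resolves to the same socket at this point in `main()`, whose body starts and ends outside the hunk, so that is worth confirming against the earlier setup code.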