[hackers] [quark] Fix unveil(2) usage || Laslo Hunhold

From: <git_AT_suckless.org>
Date: Fri, 20 Mar 2020 20:39:10 +0100 (CET)

commit 5ee8c07e7e3e601fce49fbc2b170227924be3804
Author: Laslo Hunhold <dev_AT_frign.de>
AuthorDate: Fri Mar 20 20:35:34 2020 +0100
Commit: Laslo Hunhold <dev_AT_frign.de>
CommitDate: Fri Mar 20 20:35:34 2020 +0100

    Fix unveil(2) usage
    
    Thanks to the feedback by z0lqLA! I forgot that unveil(NULL, NULL)
    only locks further unveil calls when there has been at least _one_ prior
    call to unveil!
    
    To fix this, we reorder the calls and also make sure to call unveil()
    before we disallow unveils via pledge.
    
    Signed-off-by: Laslo Hunhold <dev_AT_frign.de>

diff --git a/main.c b/main.c
index c1ff489..eab952d 100644
--- a/main.c
+++ b/main.c
_AT_@ -387,10 +387,13 @@ main(int argc, char *argv[])
                 exit(0);
         default:
                 /* limit ourselves even further while we are waiting */
- eunveil(NULL, NULL);
                 if (udsname) {
+ eunveil(udsname, "c");
+ eunveil(NULL, NULL);
                         epledge("stdio cpath", NULL);
                 } else {
+ eunveil("/", "");
+ eunveil(NULL, NULL);
                         epledge("stdio", NULL);
                 }
 
Received on Fri Mar 20 2020 - 20:39:10 CET

This archive was generated by hypermail 2.3.0 : Fri Mar 20 2020 - 20:48:35 CET