extern/endlessh
1
0
Fork 1
mirror of https://github.com/skeeto/endlessh.git synced 2024-11-29 00:13:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use unveil(2) to restrict reading config file only

Browse Source 
Closes #36.
This commit is contained in:
arun 2019-08-06 06:15:44 +05:30 committed by Christopher Wellons
parent b2c811ecf7
commit df0ffbf629
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
endlessh.c
View File

@ -1,5 +1,5 @@
#if defined(__OpenBSD__) #if defined(__OpenBSD__)
# define _BSD_SOURCE /* for pledge(2) */ # define _BSD_SOURCE /* for pledge(2) and unveil(2) */
#else #else
# define _XOPEN_SOURCE 600 # define _XOPEN_SOURCE 600
#endif #endif
@ -601,13 +601,15 @@ sendline(struct client *client, int max_line_length, unsigned long *rng)
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
#if (defined(__OpenBSD__)) struct config config = CONFIG_DEFAULT;
if (pledge("inet stdio rpath", NULL) == -1) const char *config_file = DEFAULT_CONFIG_FILE;
#if defined(__OpenBSD__)
unveil(config_file, "r"); /* return ignored as the file may not exist */
if (pledge("inet stdio rpath unveil", 0) == -1)
die(); die();
#endif #endif
struct config config = CONFIG_DEFAULT;
const char *config_file = DEFAULT_CONFIG_FILE;
config_load(&config, config_file, 1); config_load(&config, config_file, 1);
int option; int option;
@ -624,6 +626,13 @@ main(int argc, char **argv)
break; break;
case 'f': case 'f':
config_file = optarg; config_file = optarg;
#if defined(__OpenBSD__)
unveil(config_file, "r");
if (unveil(0, 0) == -1)
die();
#endif
config_load(&config, optarg, 1); config_load(&config, optarg, 1);
break; break;
case 'h': case 'h':