[prev in list] [next in list] [prev in thread] [next in thread]
List: mandoc-source
Subject: mdocml: Pledge man.cgi(8).
From: schwarze () mdocml ! bsd ! lv
Date: 2017-02-22 16:20:31
Message-ID: 2214404301053128998.enqueue () fantadrom ! bsd ! lv
[Download RAW message or body]
Log Message:
-----------
Pledge man.cgi(8).
Based on a more complicated patch from semarie@.
Sebastien and tb@ both agree with the simplification.
Modified Files:
--------------
mdocml:
cgi.c
Revision Data
-------------
Index: cgi.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/cgi.c,v
retrieving revision 1.147
retrieving revision 1.148
diff -Lcgi.c -Lcgi.c -u -p -r1.147 -r1.148
--- cgi.c
+++ cgi.c
@@ -978,6 +978,22 @@ main(void)
const char *querystring;
int i;
+#if HAVE_PLEDGE
+ /*
+ * The "rpath" pledge could be revoked after mparse_readfd()
+ * if the file desciptor to "/footer.html" would be opened
+ * up front, but it's probably not worth the complication
+ * of the code it would cause: it would require scattering
+ * pledge() calls in multiple low-level resp_*() functions.
+ */
+
+ if (pledge("stdio rpath", NULL) == -1) {
+ warn("pledge");
+ pg_error_internal();
+ return EXIT_FAILURE;
+ }
+#endif
+
/* Poor man's ReDoS mitigation. */
itimer.it_value.tv_sec = 2;
--
To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic