[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mandoc-source
Subject:    mdocml: Pledge man.cgi(8).
From:       schwarze () mdocml ! bsd ! lv
Date:       2017-02-22 16:20:31
Message-ID: 2214404301053128998.enqueue () fantadrom ! bsd ! lv
[Download RAW message or body]

Log Message:
-----------
Pledge man.cgi(8).
Based on a more complicated patch from semarie@.
Sebastien and tb@ both agree with the simplification.

Modified Files:
--------------
    mdocml:
        cgi.c

Revision Data
-------------
Index: cgi.c
===================================================================
RCS file: /home/cvs/mdocml/mdocml/cgi.c,v
retrieving revision 1.147
retrieving revision 1.148
diff -Lcgi.c -Lcgi.c -u -p -r1.147 -r1.148
--- cgi.c
+++ cgi.c
@@ -978,6 +978,22 @@ main(void)
 	const char	*querystring;
 	int		 i;
 
+#if HAVE_PLEDGE
+	/*
+	 * The "rpath" pledge could be revoked after mparse_readfd()
+	 * if the file desciptor to "/footer.html" would be opened
+	 * up front, but it's probably not worth the complication
+	 * of the code it would cause: it would require scattering
+	 * pledge() calls in multiple low-level resp_*() functions.
+	 */
+
+	if (pledge("stdio rpath", NULL) == -1) {
+		warn("pledge");
+		pg_error_internal();
+		return EXIT_FAILURE;
+	}
+#endif
+
 	/* Poor man's ReDoS mitigation. */
 
 	itimer.it_value.tv_sec = 2;
--
 To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv

[prev in list] [next in list] [prev in thread] [next in thread]