From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.0 required=5.0 tests=T_SCC_BODY_TEXT_LINE
	autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 28590 invoked from network); 28 May 2022 16:53:07 -0000
Received: from 9front.inri.net (168.235.81.73)
  by inbox.vuxu.org with ESMTPUTF8; 28 May 2022 16:53:07 -0000
Received: from mimir.eigenstate.org ([206.124.132.107]) by 9front; Sat May 28 12:51:36 -0400 2022
Received: from abbatoir.myfiosgateway.com (pool-74-108-56-225.nycmny.fios.verizon.net [74.108.56.225])
	by mimir.eigenstate.org (OpenSMTPD) with ESMTPSA id 8c103791 (TLSv1.2:ECDHE-RSA-AES256-SHA:256:NO)
	for <9front@9front.org>;
	Sat, 28 May 2022 09:51:24 -0700 (PDT)
Message-ID: <B5973797B8A9E12627CD8864FA2009CD@eigenstate.org>
To: 9front@9front.org
Date: Sat, 28 May 2022 12:51:22 -0400
From: ori@eigenstate.org
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
List-ID: <9front.9front.org>
List-Help: <http://lists.9front.org>
X-Glyph: ➈
X-Bullshit: component rich-client optimizer 
Subject: [9front] git: use new /dev/drivers for privdrop
Reply-To: 9front@9front.org
Precedence: bulk

This needs to be held off for a bit, but it seems
like a good idea: we shouldn't need any devices at
all for this code, so let's not keep them.

ddiff 01a6de812c2fd38c9a28036300e3c2c7dc8441f5 uncommitted
--- a/sys/src/cmd/git/serve.c
+++ b/sys/src/cmd/git/serve.c
@@ -5,7 +5,7 @@
 
 #include "git.h"
 
-char	*pathpfx = nil;
+char	*pathpfx = "/";
 int	allowwrite;
 
 int
@@ -469,6 +469,22 @@
 	return 0;
 }
 
+void
+privdrop(void)
+{
+	int fd;
+
+	if(rfork(RFNAMEG) == -1)
+		sysfatal("rfork: %r");
+	if((fd = open("#c/drivers", OWRITE)) == -1)
+		sysfatal("open drivers: %r");
+	if(bind(pathpfx, "/", MREPL) == -1)
+		sysfatal("bind: %r");
+	if(write(fd, "chdev &", strlen("chdev &")) == -1)
+		sysfatal("drop permissions: %r");
+	close(fd);
+}
+
 char*
 parsecmd(char *buf, char *cmd, int ncmd)
 {
@@ -518,15 +534,8 @@
 	}ARGEND;
 
 	gitinit();
+	privdrop();
 	interactive = 0;
-	if(rfork(RFNAMEG) == -1)
-		sysfatal("rfork: %r");
-	if(pathpfx != nil){
-		if(bind(pathpfx, "/", MREPL) == -1)
-			sysfatal("bind: %r");
-	}
-	if(rfork(RFNOMNT) == -1)
-		sysfatal("rfork: %r");
 
 	initconn(&c, 0, 1);
 	if(readpkt(&c, buf, sizeof(buf)) == -1)