From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from localhost (fantadrom.bsd.lv [local]) by fantadrom.bsd.lv (OpenSMTPD) with ESMTPA id 639bdd78 for ; Wed, 22 Feb 2017 11:20:31 -0500 (EST) Date: Wed, 22 Feb 2017 11:20:31 -0500 (EST) Message-Id: <2214404301053128998.enqueue@fantadrom.bsd.lv> X-Mailinglist: mdocml-source Reply-To: source@mdocml.bsd.lv MIME-Version: 1.0 From: schwarze@mdocml.bsd.lv To: source@mdocml.bsd.lv Subject: mdocml: Pledge man.cgi(8). X-Mailer: activitymail 1.26, http://search.cpan.org/dist/activitymail/ Content-Type: text/plain; charset=utf-8 Log Message: ----------- Pledge man.cgi(8). Based on a more complicated patch from semarie@. Sebastien and tb@ both agree with the simplification. Modified Files: -------------- mdocml: cgi.c Revision Data ------------- Index: cgi.c =================================================================== RCS file: /home/cvs/mdocml/mdocml/cgi.c,v retrieving revision 1.147 retrieving revision 1.148 diff -Lcgi.c -Lcgi.c -u -p -r1.147 -r1.148 --- cgi.c +++ cgi.c @@ -978,6 +978,22 @@ main(void) const char *querystring; int i; +#if HAVE_PLEDGE + /* + * The "rpath" pledge could be revoked after mparse_readfd() + * if the file desciptor to "/footer.html" would be opened + * up front, but it's probably not worth the complication + * of the code it would cause: it would require scattering + * pledge() calls in multiple low-level resp_*() functions. + */ + + if (pledge("stdio rpath", NULL) == -1) { + warn("pledge"); + pg_error_internal(); + return EXIT_FAILURE; + } +#endif + /* Poor man's ReDoS mitigation. */ itimer.it_value.tv_sec = 2; -- To unsubscribe send an email to source+unsubscribe@mdocml.bsd.lv