ratched down some needed unveils

Aaron Bieber 2021-05-20 18:33:35 -06:00
parent 7b16296562
commit 7f03d5e16e


@ -88,7 +88,7 @@ func init() {
flag.Parse() flag.Parse()
// These are OpenBSD specific protections used to prevent unnecessary file access. // These are OpenBSD specific protections used to prevent unnecessary file access.
_ = protect.Unveil(passPath, "r") _ = protect.Unveil(passPath, "rwc")
_ = protect.Unveil(davDir, "rwc") _ = protect.Unveil(davDir, "rwc")
_ = protect.Unveil("/etc/ssl/cert.pem", "r") _ = protect.Unveil("/etc/ssl/cert.pem", "r")
_ = protect.Unveil("/etc/resolv.conf", "r") _ = protect.Unveil("/etc/resolv.conf", "r")
@ -157,6 +157,8 @@ func prompt(prompt string, secure bool) (string, error) {
} }
func main() { func main() {
_ = protect.Pledge("stdio wpath rpath cpath inet dns unveil")
if genHtpass { if genHtpass {
user, err := prompt("Username: ", false) user, err := prompt("Username: ", false)
if err != nil { if err != nil {
@ -189,6 +191,10 @@ func main() {
os.Exit(0) os.Exit(0)
} }
// drop to only read on passPath
_ = protect.Unveil(passPath, "r")
_ = protect.Pledge("stdio wpath rpath cpath inet dns")
_, fErr := os.Stat(passPath) _, fErr := os.Stat(passPath)
if os.IsNotExist(fErr) { if os.IsNotExist(fErr) {
if auth { if auth {
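Review bot: The ratchet-down added to main() discards the result of every call (`_ = protect.Unveil(passPath, "r")` and both `_ = protect.Pledge(...)` lines), so if any of them fails the server keeps running with the wider `rwc` view of passPath and nothing reports it. That matters most for the second Pledge, because dropping the `unveil` promise there is what stops later code from widening the unveil list again. I would check the errors and stop on failure, e.g. `if err := protect.Unveil(passPath, "r"); err != nil { log.Fatal(err) }`, using whatever fatal-error path the file already has, and do the same for both Pledge calls. main() begins and ends outside these hunks, so this covers only the visible lines; the Unveil calls in init() ignore their errors in the same way.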