diff options
| author | default <nobody@localhost> | 2023-01-13 14:18:23 +0100 |
|---|---|---|
| committer | default <nobody@localhost> | 2023-01-13 14:18:23 +0100 |
| commit | 6406877af1177398c0c6087b39a745abb86b2c17 (patch) | |
| tree | f20e36a2e08874767a503e130877c34334e9cc23 | |
| parent | ed6a94ee14770289583a9530aee0cced92870da5 (diff) | |
Usage of unveil() and pledge() can be disabled from config.
| -rw-r--r-- | data.c | 29 |
1 files changed, 18 insertions, 11 deletions
@@ -87,17 +87,24 @@ int srv_open(char *basedir, int auto_upgrade) srv_log(error); #ifdef __OpenBSD__ - srv_debug(2, xs_fmt("Calling unveil()")); - unveil(basedir, "rwc"); - unveil("/usr/sbin/sendmail", "x"); - unveil("/etc/resolv.conf", "r"); - unveil("/etc/hosts", "r"); - unveil("/etc/ssl/openssl.cnf", "r"); - unveil("/etc/ssl/cert.pem", "r"); - unveil("/usr/share/zoneinfo", "r"); - unveil(NULL, NULL); - srv_debug(2, xs_fmt("Calling pledge()")); - pledge("stdio rpath wpath cpath flock inet proc exec dns", NULL); + char *v = xs_dict_get(srv_config, "disable_openbsd_security"); + + if (v && xs_type(v) == XSTYPE_TRUE) { + srv_debug(1, xs_dup("OpenBSD security disabled by admin")); + } + else { + srv_debug(1, xs_fmt("Calling unveil()")); + unveil(basedir, "rwc"); + unveil("/usr/sbin/sendmail", "x"); + unveil("/etc/resolv.conf", "r"); + unveil("/etc/hosts", "r"); + unveil("/etc/ssl/openssl.cnf", "r"); + unveil("/etc/ssl/cert.pem", "r"); + unveil("/usr/share/zoneinfo", "r"); + unveil(NULL, NULL); + srv_debug(1, xs_fmt("Calling pledge()")); + pledge("stdio rpath wpath cpath flock inet proc exec dns", NULL); + } #endif /* __OpenBSD__ */ return ret; |