author | Ingo Schwarze <schwarze@openbsd.org> | 2017-02-22 16:20:01 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2017-02-22 16:20:01 +0000 |
commit | e0443320f54c8a62a9b68da4d72782b1caca44c6 (patch) | |
tree | 194ab673a3e7ae3f936ea9a16001c085f1280068 /cgi.c | |
parent | 1e3130ad3be292657bd987599ef9ec5250cbe878 (diff) | |
Pledge man.cgi(8).
Based on a more complicated patch from semarie@.
Sebastien and tb@ both agree with the simplification.
Diffstat (limited to 'cgi.c')
-rw-r--r-- | cgi.c | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -1,4 +1,4 @@
-/* $Id: cgi.c,v 1.147 2017/02/08 13:34:27 schwarze Exp $ */
+/* $Id: cgi.c,v 1.148 2017/02/22 16:20:01 schwarze Exp $ */
 /*
 * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
 * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@usta.de>
@@ -978,6 +978,22 @@ main(void)
 const char *querystring;
 int i;
+#if HAVE_PLEDGE
+ /*
+ * The "rpath" pledge could be revoked after mparse_readfd()
+ * if the file desciptor to "/footer.html" would be opened
+ * up front, but it's probably not worth the complication
+ * of the code it would cause: it would require scattering
+ * pledge() calls in multiple low-level resp_*() functions.
+ */
+
+ if (pledge("stdio rpath", NULL) == -1) {
+ warn("pledge");
+ pg_error_internal();
+ return EXIT_FAILURE;
+ }
+#endif
+
 /* Poor man's ReDoS mitigation. */
 itimer.it_value.tv_sec = 2; |
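Review bot: The comment added above the pledge() call in main() misspells "descriptor" as "desciptor", and it explains why "rpath" is kept without saying what that leaves in force. With "stdio rpath" held for the whole request, the process can still open any file it is able to read, so the pledge narrows the system-call surface but does not replace validation of request-derived paths. I would fix the spelling and append a line such as `* Until then, path validation remains the only limit on which files are read.` to the comment. That validation is not visible here and is presumably done elsewhere in cgi.c, since main() starts and ends outside this hunk.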