Fixed sandboxing of the unix socket.

author: default 2025-01-06 07:33:23 +0100
committer: default 2025-01-06 07:33:23 +0100
commit: c3be99bcf4989118e9ec7cc6a4f05b0842029122 (patch)
tree: 52fa22b2632423de19c46832bfe4d9f4199f68b5
parent: Updated documentation. (diff)
download: penes-snac2-c3be99bcf4989118e9ec7cc6a4f05b0842029122.tar.gz
penes-snac2-c3be99bcf4989118e9ec7cc6a4f05b0842029122.tar.xz
penes-snac2-c3be99bcf4989118e9ec7cc6a4f05b0842029122.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/sandbox.c b/sandbox.c
index 138fc74..efd0db5 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -63,8 +63,14 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
    if (mtime("/etc/pki") > 0)
        LL_PATH("/etc/pki",         rf       );
-    if (*address == '/')
+    if (*address == '/') {
-        LL_PATH(address, s);
+        /* the directory holding the socket must be allowed */
+        xs *l = xs_split(address, "/");
+        l = xs_list_del(l, -1);
+        xs *sdir = xs_join(l, "/");
+        LL_PATH(sdir, s);
+    }
    if (smail)
        LL_PATH("/usr/sbin/sendmail", x);
author	default	2025-01-06 07:33:23 +0100
committer	default	2025-01-06 07:33:23 +0100
commit	c3be99bcf4989118e9ec7cc6a4f05b0842029122 (patch)
tree	52fa22b2632423de19c46832bfe4d9f4199f68b5
parent	Updated documentation. (diff)
download	penes-snac2-c3be99bcf4989118e9ec7cc6a4f05b0842029122.tar.gz penes-snac2-c3be99bcf4989118e9ec7cc6a4f05b0842029122.tar.xz penes-snac2-c3be99bcf4989118e9ec7cc6a4f05b0842029122.zip