| author | 2026-02-05 20:58:25 +0100 | |
|---|---|---|
| committer | 2026-02-05 21:17:44 +0100 | |
| commit | ea81780895702b08b0b93ff48bd1876330632b89 (patch) | |
| tree | 007d4ef16eb1c2d4c20410491754beb07319f610 /data.c | |
| parent | Updated TODO. (diff) | |
| download | snac2-ea81780895702b08b0b93ff48bd1876330632b89.tar.gz snac2-ea81780895702b08b0b93ff48bd1876330632b89.tar.xz snac2-ea81780895702b08b0b93ff48bd1876330632b89.zip | |
strip_exif support for the OpenBSD sandbox
Change the strip_exif logic to work with the already existing OpenBSD
sandbox and allow ffmpeg and mogrify to be executed.
The previous strip_exif implementation relied on system(3), effectively
starting "/bin/sh" and executing the required tool within a shell
session. Making this work in the sandbox would require to allow
executing "/bin/sh", rendering the sandbox useless.
Thus, the code now starts determining the absolute path of the tools -
unless they are given as ffmpeg_path or mogrify_path - and allowing them
to be executed via unveil(2). Then, instead of the system(3) call, the
good old fork(2) and execve(2) dance is performed.
The sbox_enter code was made aware of strip_exif; before this change, a
pledge(2) violation occurred when disable_email_notifications was set to
false. Furthermore, the detected paths of the tools are now allowed.
Diffstat (limited to 'data.c')
| -rw-r--r-- | data.c | 19 |
1 files changed, 6 insertions, 13 deletions
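--- a/data.c
+++ b/data.c
@@ -100,19 +100,12 @@ int srv_open(const char *basedir, int auto_upgrade)
 
                 if (auto_upgrade)
                     ret = snac_upgrade(&error);
-                else {
-                    if (xs_number_get(xs_dict_get(srv_config, "layout")) < disk_layout)
-                        error = xs_fmt("ERROR: disk layout changed - execute 'snac upgrade' first");
-                    else {
-                        if (!check_strip_tool()) {
-                            const char *mp = xs_dict_get(srv_config, "mogrify_path");
-                            if (mp == NULL) mp = "mogrify";
-                            error = xs_fmt("ERROR: strip_exif enabled but '%s' not found or not working (set 'mogrify_path' in server.json)", mp);
-                        }
-                        else
-                            ret = 1;
-                    }
-                }
+                else if (xs_number_get(xs_dict_get(srv_config, "layout")) < disk_layout)
+                    error = xs_fmt("ERROR: disk layout changed - execute 'snac upgrade' first");
+                else if (!check_strip_tool())
+                    error = xs_fmt("ERROR: strip_exif enabled but commands not found or working");
+                else
+                    ret = 1;
             }
 
         }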
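Review bot: The new strip_exif error on line 106 drops the hint that told the operator which tool was missing and which server.json key to set, and it reads as "not found or working" rather than "not found or not working". Since the commit description says the tools can be supplied via mogrify_path or ffmpeg_path, keeping that pointer in the message makes the startup failure actionable: `error = xs_fmt("ERROR: strip_exif enabled but commands not found or not working (set 'mogrify_path' / 'ffmpeg_path' in server.json)");`. If check_strip_tool() can tell which tool failed, surfacing that name would be better still, but its body is not in this hunk so I cannot say whether it does. srv_open() starts before and continues after the hunk.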