From ea81780895702b08b0b93ff48bd1876330632b89 Mon Sep 17 00:00:00 2001
From: Alvar Penning
Date: Thu, 5 Feb 2026 20:58:25 +0100
Subject: strip_exif support for the OpenBSD sandbox

Change the strip_exif logic to work with the already existing OpenBSD sandbox and allow ffmpeg and mogrify to be executed. The previous strip_exif implementation relied on system(3), effectively starting "/bin/sh" and executing the required tool within a shell session. Making this work in the sandbox would require to allow executing "/bin/sh", rendering the sandbox useless. Thus, the code now starts determining the absolute path of the tools - unless they are given as ffmpeg_path or mogrify_path - and allowing them to be executed via unveil(2). Then, instead of the system(3) call, the good old fork(2) and execve(2) dance is performed.

The sbox_enter code was made aware of strip_exif, which resulted in a pledge(2) violation before when disable_email_notifications was set to false. Furthermore, the detected paths of the tools are now allowed.
---
 data.c | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)
(limited to 'data.c')
diff --git a/data.c b/data.c
index 9616fee..1aac759 100644
--- a/data.c
+++ b/data.c
@@ -100,19 +100,12 @@ int srv_open(const char *basedir, int auto_upgrade)
 if (auto_upgrade)
 ret = snac_upgrade(&error);
- else {
- if (xs_number_get(xs_dict_get(srv_config, "layout")) < disk_layout)
- error = xs_fmt("ERROR: disk layout changed - execute 'snac upgrade' first");
- else {
- if (!check_strip_tool()) {
- const char *mp = xs_dict_get(srv_config, "mogrify_path");
- if (mp == NULL) mp = "mogrify";
- error = xs_fmt("ERROR: strip_exif enabled but '%s' not found or not working (set 'mogrify_path' in server.json)", mp);
- }
- else
- ret = 1;
- }
- }
+ else if (xs_number_get(xs_dict_get(srv_config, "layout")) < disk_layout)
+ error = xs_fmt("ERROR: disk layout changed - execute 'snac upgrade' first");
+ else if (!check_strip_tool())
+ error = xs_fmt("ERROR: strip_exif enabled but commands not found or working");
+ else
+ ret = 1;
 }
 }
-- 
cgit v1.2.3
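Review bot: The message set on the new `else if (!check_strip_tool())` branch, "strip_exif enabled but commands not found or working", is ungrammatical and less actionable than the text it replaces, which named the tool and the server.json key an operator had to fix. Since the commit description says the tools are either taken from `ffmpeg_path`/`mogrify_path` or resolved by name, the message should name both commands and both keys, e.g. `error = xs_fmt("ERROR: strip_exif enabled but ffmpeg/mogrify not found or not working (set 'ffmpeg_path' / 'mogrify_path' in server.json)");`. Better still would be for check_strip_tool() to report which tool failed the check, but that function is defined outside this hunk. The enclosing srv_open() also continues outside the hunk.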