From c3be99bcf4989118e9ec7cc6a4f05b0842029122 Mon Sep 17 00:00:00 2001
From: default
Date: Mon, 6 Jan 2025 07:33:23 +0100
Subject: Fixed sandboxing of the unix socket.

---
 sandbox.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'sandbox.c')

diff --git a/sandbox.c b/sandbox.c
index 138fc74..efd0db5 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -63,8 +63,14 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
     if (mtime("/etc/pki") > 0)
         LL_PATH("/etc/pki",         rf       );
 
-    if (*address == '/')
-        LL_PATH(address, s);
+    if (*address == '/') {
+        /* the directory holding the socket must be allowed */
+        xs *l = xs_split(address, "/");
+        l = xs_list_del(l, -1);
+        xs *sdir = xs_join(l, "/");
+
+        LL_PATH(sdir, s);
+    }
 
     if (smail)
         LL_PATH("/usr/sbin/sendmail", x);
-- 
cgit v1.2.3