diff options
| author | Ingo Schwarze <schwarze@openbsd.org> | 2017-02-22 16:20:01 +0000 |
|---|---|---|
| committer | Ingo Schwarze <schwarze@openbsd.org> | 2017-02-22 16:20:01 +0000 |
| commit | 20b0938b1da4fd3f51912c4fff9da73b327b9586 (patch) | |
| tree | 2df59e8f1953d184d074c0c330e5e4690e82d8a2 | |
| parent | 65cee38304172c6c1526f3ed7bdabf02ac60ad56 (diff) | |
| download | mandoc-20b0938b1da4fd3f51912c4fff9da73b327b9586.tar.gz | |
Pledge man.cgi(8).
Based on a more complicated patch from semarie@.
Sebastien and tb@ both agree with the simplification.
| -rw-r--r-- | cgi.c | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -978,6 +978,22 @@ main(void) const char *querystring; int i; +#if HAVE_PLEDGE + /* + * The "rpath" pledge could be revoked after mparse_readfd() + * if the file desciptor to "/footer.html" would be opened + * up front, but it's probably not worth the complication + * of the code it would cause: it would require scattering + * pledge() calls in multiple low-level resp_*() functions. + */ + + if (pledge("stdio rpath", NULL) == -1) { + warn("pledge"); + pg_error_internal(); + return EXIT_FAILURE; + } +#endif + /* Poor man's ReDoS mitigation. */ itimer.it_value.tv_sec = 2; |