diff options
| author | Jon duSaint | 2023-10-02 11:24:36 -0700 |
|---|---|---|
| committer | Jon duSaint | 2023-10-02 11:24:36 -0700 |
| commit | c6ec5bc553ff58c845c13f2bb2860d9e05a75d6f (patch) | |
| tree | 8ecb436d22e172d523762af8dd634b2294fe4a84 | |
| parent | 3871aba12c9a3a09dbd2cea470031d7ca8f2533c (diff) | |
reolink: Security fixes for LWP::UserAgent
Modify pledge/unveil calls so LWP::UserAgent will work.
| -rwxr-xr-x | reolink/reolink | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/reolink/reolink b/reolink/reolink index 0ee690e..b932af9 100755 --- a/reolink/reolink +++ b/reolink/reolink @@ -729,13 +729,14 @@ sub run { main::load_params (\%server_params); unless ($debug) { - pledge (qw/rpath wpath cpath inet exec proc unix unveil/) or die "Failed to pledge: $!"; + pledge (qw/rpath wpath cpath inet exec proc prot_exec unix unveil/) or die "Failed to pledge: $!"; openlog ('reolink', 'PID', LOG_DAEMON); message ('startup'); $SIG{__DIE__} = sub { syslog (LOG_CRIT, "fatal: @_") }; daemonize; + unveil ($_, 'rx') || die "unveil($_): $!" foreach @INC; unveil ($server_params{spool_dir}, 'rwxc') || die "unveil($server_params{spool_dir}): $!"; unveil ($global_config->{socket}, 'rwc') || die "unveil($global_config->{socket}): $!"; unveil ($global_config->{config}, 'rwc') || die "unveil($global_config->{config}): $!"; |