From c6ec5bc553ff58c845c13f2bb2860d9e05a75d6f Mon Sep 17 00:00:00 2001
From: Jon duSaint
Date: Mon, 2 Oct 2023 11:24:36 -0700
Subject: reolink: Security fixes for LWP::UserAgent

Modify pledge/unveil calls so LWP::UserAgent will work.
---
 reolink/reolink | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'reolink')

diff --git a/reolink/reolink b/reolink/reolink
index 0ee690e..b932af9 100755
--- a/reolink/reolink
+++ b/reolink/reolink
@@ -729,13 +729,14 @@ sub run {
   main::load_params (\%server_params);
 
   unless ($debug) {
-    pledge (qw/rpath wpath cpath inet exec proc unix unveil/) or die "Failed to pledge: $!";
+    pledge (qw/rpath wpath cpath inet exec proc prot_exec unix unveil/) or die "Failed to pledge: $!";
     openlog ('reolink', 'PID', LOG_DAEMON);
     message ('startup');
     $SIG{__DIE__} = sub { syslog (LOG_CRIT, "fatal: @_") };
 
     daemonize;
 
+    unveil ($_, 'rx')                          || die "unveil($_): $!" foreach @INC;
     unveil ($server_params{spool_dir}, 'rwxc') || die "unveil($server_params{spool_dir}): $!";
     unveil ($global_config->{socket}, 'rwc')   || die "unveil($global_config->{socket}): $!";
     unveil ($global_config->{config}, 'rwc')   || die "unveil($global_config->{config}): $!";
-- 
cgit v1.2.3