Blob

Date:
Message:
split into two processes: listener and executor this way, we can sandbox the listener with seccomp (todo) or capsicum (already done) and still have CGI scripts. When we want to exec, we tell the executor what to do, the executor executes the scripts and send the fd backt to the listener.
Actions:
History | Blame | Raw File
1 #include "gmid.h"

3 #if defined(__FreeBSD__)

5 #include <sys/capsicum.h>

6 #include <err.h>

8 void

9 sandbox()

10 {

11 	struct vhost *h;

12 	int has_cgi = 0;

14 	for (h = hosts; h->domain != NULL; ++h)

15 		if (h->cgi != NULL)

16 			has_cgi = 1;

18 	if (cap_enter() == -1)

19 		err(1, "cap_enter");

20 }

22 #elif defined(__linux__)

24 void

25 sandbox()

26 {

27 	/* TODO: seccomp */

28 }

30 #elif defined(__OpenBSD__)

32 #include <err.h>

33 #include <unistd.h>

35 void

36 sandbox()

37 {

38 	struct vhost *h;

40 	for (h = hosts; h->domain != NULL; ++h) {

41 		if (unveil(h->dir, "rx") == -1)

42 			err(1, "unveil %s for domain %s", h->dir, h->domain);

43 	}

45 	if (pledge("stdio recvfd rpath inet", NULL) == -1)

46 		err(1, "pledge");

47 }

49 #else

51 void

52 sandbox()

53 {

54         LOGN(NULL, "%s", "no sandbox method known for this OS");

55 }

57 #endif