Commit Diff

Commit:
d09716535c4c4bc66f0d7c84a98e4cc5a5893b84
From:
Omar Polo <op@omarpolo.com>
Date:
Message:
add a safe/sandbox mode When enabled with the -S (or --safe) flag, prevent telescope from writing files to the disk.
Actions:
Patch | Tree
commit - e1ceb4cf5bba4c7ca1bacb584b20798b84273ee9
commit + d09716535c4c4bc66f0d7c84a98e4cc5a5893b84
blob - 462aef66a6475a582a9572f5d70ec2c86469403f
blob + e5ce3e0abbc76390d98944ce2b337928f83830b1
--- session.c
+++ session.c
@@ -121,6 +121,9 @@ save_session(void)
 	char		*t;
 	int		 flags;
 
+	if (safe_mode)
+		return;
+
 	ui_send_fs(IMSG_SESSION_START, 0, NULL, 0);
 
 	TAILQ_FOREACH(tab, &tabshead, tabs) {
blob - a77afcdd312bae2d9ae63faf701bd78e6bcd3e19
blob + 3321e7b528831e9b94193625889b449b33b5af06
--- telescope.1
+++ telescope.1
@@ -11,7 +11,7 @@
 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: August 27 2021$
+.Dd $Mdocdate: September 15 2021$
 .Dt TELESCOPE 1
 .Os
 .Sh NAME
@@ -20,7 +20,7 @@
 .Sh SYNOPSIS
 .Nm
 .Bk -words
-.Op Fl Chnv
+.Op Fl ChnSv
 .Op Fl c Pa config
 .Op Ar URL
 .Ek
@@ -46,6 +46,13 @@ Display version and usage.
 .It Fl n
 Configtest mode.
 Only check the configuration file for validity.
+.It Fl S , Fl -safe
+.Dq Safe
+.Pq or Dq sandbox
+mode.
+Prevent
+.Nm
+from writing files to the disk.
 .It Fl v , Fl -version
 Display version.
 .El
blob - 7653cf0d28c70cb202dff74ff97aad34984ee4a9
blob + baf14a1a8dd8bbe8b1b9ff36a544b826d524ea30
--- telescope.c
+++ telescope.c
@@ -37,17 +37,24 @@
 static struct option longopts[] = {
 	{"colors",	no_argument,	NULL,	'c'},
 	{"help",	no_argument,	NULL,	'h'},
+	{"safe",	no_argument,	NULL,	'S'},
 	{"version",	no_argument,	NULL,	'v'},
 	{NULL,		0,		NULL,	0},
 };
 
-static const char *opts = "Cc:hnT:v";
+static const char *opts = "Cc:hnST:v";
 
 /*
  * Used to know when we're finished loading.
  */
 int			 operating;
 
+/*
+ * "Safe" (or "sandobox") mode.  If enabled, Telescope shouldn't write
+ * anything to the filesystem or execute external programs.
+ */
+int			safe_mode;
+
 static struct imsgev	*iev_fs, *iev_net;
 
 struct tabshead		 tabshead = TAILQ_HEAD_INITIALIZER(tabshead);
@@ -268,8 +275,11 @@ handle_check_cert_user_choice(int accept, struct tab *
 		tofu_temp_trust(&certs, tab->uri.host, tab->uri.port,
 		    tab->cert);
 
-		ui_yornp("Save the new certificate?",
-		    handle_maybe_save_new_cert, tab);
+		if (!safe_mode)
+			ui_yornp("Save the new certificate?",
+			    handle_maybe_save_new_cert, tab);
+		else
+			message("Certificate temporarly trusted");
 	} else {
 		free(tab->cert);
 		tab->cert = NULL;
@@ -383,8 +393,9 @@ handle_imsg_got_meta(struct imsg *imsg, size_t datalen
 		} else {
 			load_page_from_str(tab,
 			    err_pages[UNKNOWN_TYPE_OR_CSET]);
-			ui_yornp("Can't display page, save it?",
-			    handle_maybe_save_page, tab);
+			if (!safe_mode)
+				ui_yornp("Can't display page, save it?",
+				    handle_maybe_save_page, tab);
 		}
 	} else if (tab->code < 40) { /* 3x */
 		tab->redirect_count++;
@@ -1035,7 +1046,7 @@ ui_send_fs(int type, uint32_t peerid, const void *data
 static void __attribute__((noreturn))
 usage(int r)
 {
-	fprintf(stderr, "USAGE: %s [-hnv] [-c config] [url]\n",
+	fprintf(stderr, "USAGE: %s [-hnSv] [-c config] [url]\n",
 	    getprogname());
 	fprintf(stderr, "version: " PACKAGE " " VERSION "\n");
 	exit(r);
@@ -1079,6 +1090,9 @@ main(int argc, char * const *argv)
 			break;
 		case 'h':
 			usage(0);
+		case 'S':
+			safe_mode = 1;
+			break;
 		case 'T':
 			switch (*optarg) {
 			case 'f':
blob - ffbff0e490391c6f58a3e547e73b66863c2d13eb
blob + ef98398b3626a915b01006ff3723470452943613
--- telescope.h
+++ telescope.h
@@ -321,6 +321,7 @@ void		 sandbox_fs_process(void);
 
 /* telescope.c */
 extern int operating;
+extern int safe_mode;
 
 void		 gopher_send_search_req(struct tab *, const char *);
 void		 load_url(struct tab *, const char *, const char *, int);