commit 66e1cf970a0d4c65c3140902532f2b85645aa7d0
from: Omar Polo <op@omarpolo.com>
date: Sat Aug 27 08:44:27 2022 UTC

create temp files in /tmp and don't allow writes to "."

there's little point to use pledge/unveil and then allow the program
to modify itself...

commit - 9d8482ab3a97d3cd0e22afbf8ae95144a0016e87
commit + 66e1cf970a0d4c65c3140902532f2b85645aa7d0
blob - 61819234a647342395b4717d50c8096ef6d242c7
blob + d26ebde712bc471750cd0a5bd88fccd448f264d5
--- filter-export
+++ filter-export
@@ -5,5 +5,5 @@ path="$(cd $OUTDIR && mktemp parts/$MESSAGE_ID.XXXXXXX
 # save the input
 cat > "$OUTDIR/$path"
 
-echo "<li><a href='/$path'>$(file -b "$OUTDIR/$path")</a></li>" >> parts.html
+echo "<li><a href='/$path'>$(file -b "$OUTDIR/$path")</a></li>" >> $PARTS_PATH
 exit 0
blob - 118a07527c58d6a27a2f0f2f86905a65fa439e4c
blob + 4dd152b94cfaefb541ce6bb15cfa76bb9498f1d5
--- mexp
+++ mexp
@@ -5,6 +5,7 @@ use utf8;
 use strict;
 use warnings;
 use v5.32;
+use File::Temp qw(tempfile);
 
 use OpenBSD::Pledge;
 use OpenBSD::Unveil;
@@ -17,9 +18,12 @@ die 'Set $OUTDIR' unless defined $outdir;
 
 unveil("/usr/local/bin/mshow", "rx") or die "unveil mshow: $!";
 unveil($outdir, "rwc") or die "unveil $outdir: $!";
-unveil(".", "rwc") or die "unveil .: $!";
-pledge("stdio rpath wpath cpath proc exec") or die "pledge: $!";
+unveil("/tmp", "rwc") or die "unveil /tmp: $!";
+unveil(".", "r") or die "unveil .: $!";
 
+# fattr because of File::Temp somehow.
+pledge("stdio rpath wpath cpath proc exec fattr") or die "pledge: $!";
+
 my $tid;
 while (<>) {
 	my ($level, $fname, $mid, $date, $from, $subj) = parse;
@@ -34,11 +38,10 @@ while (<>) {
 
 	initpage $fh, $subj;
 
-	# prepare the parts listing file
-	$ENV{'MESSAGE_ID'} = $mid;
-	open(my $parts, '+>', "parts.html")
-	    or die "can't create parts.html: $!";
+	my ($pfh, $parts) = tempfile "/tmp/gotmark.parts.XXXXXXXXXX";
 
+	$ENV{'PARTS_PATH'} = $parts;
+	$ENV{'MESSAGE_ID'} = $mid;
 	open(my $mshow, "-|", "mshow", "-nNA", "text/plain", $fname)
 	    or die "can't exec mshow: $!";
 
@@ -67,7 +70,7 @@ while (<>) {
 
 	# generate the listing for the exported parts
 	my $part_seen = 0;
-	while (<$parts>) {
+	while (<$pfh>) {
 		if (!$part_seen) {
 			$part_seen = 1;
 			say $fh "<ul class='parts'>";
@@ -80,8 +83,8 @@ while (<>) {
 
 	close($text);
 	close($mshow);
-	close($parts);
+	close($pfh);
 	close($fh);
-}
 
-unlink "parts.html";
+	unlink $parts;
+}
blob - ed1c995d39b362f9563d355356d46354a83b09b2
blob + da12a10684b2fcb3502d8b57c05355a0bc96eb17
--- mkindex
+++ mkindex
@@ -53,7 +53,9 @@ sub nextfile {
 	endfile if defined $pfh;
 	$page += 1;
 	my $path = pagename($page);
-	open($pfh, '>', $path)
+
+	# XXX: mkstemp would be better...
+	open($pfh, '>', "/tmp/$path")
 	    or die "can't open $path: $!";
 	say $pfh "<div class='thread'><ul>";
 }
@@ -84,8 +86,9 @@ sub renderpages {
 	close($pfh);
 
 	for (my $i = 1; $i <= $page; $i++) {
-		my $path = pagename($i);
-		my $dest = "$outdir/$path";
+		my $name = pagename($i);
+		my $path = "/tmp/$name";
+		my $dest = "$outdir/$name";
 
 		open(my $pfh, '>', $dest)
 		    or die "can't open $dest for writing: $!";
@@ -152,7 +155,8 @@ sub thread_entry {
 }
 
 unveil($outdir, "rwc") or die "unveil $outdir: $!";
-unveil(".", "rwc") or die "unveil .: $!";
+unveil(".", "r") or die "unveil .: $!";
+unveil("/tmp", "rwc") or die "unveil /tmp: $!";
 
 pledge("stdio rpath wpath cpath") or die "pledge: $!";