commit d939d0f09e44d8bee3fd8f1519deddeb20b804ef
from: Omar Polo
date: Sun Jan 17 09:33:45 2021 UTC
switch to getcwd
commit - 881dc835d05029b30bcb7dd229d2a0583fa6e360
commit + d939d0f09e44d8bee3fd8f1519deddeb20b804ef
blob - 334315b6b01aab28576ef29e8108b4ff7c363a7c
blob + 4cbaa86bad5ef46177ec9a1772befe21f369a925
--- README.md
+++ README.md
@@ -62,6 +62,9 @@ even if the presence of a sandbox. On OpenBSD, the listener process runs with the `stdio recvfd rpath inet` pledges and has `unveil(2)`ed only the directories that it
-serves; the executor has `stdio sendfd proc exec` as pledges.
+serves. Furthermore, the executor process has `stdio sendfd proc exec`
+as pledges.
-On FreeBSD, the executor process is sandboxed with `capsicum(4)`.
+On FreeBSD, the listener process is sandboxed with `capsicum(4)`.
+
+On linux, a seccomp filter is installed for the listener process.
blob - 56250f46649c67604df41cf2164e1a96ab8de5ff
blob + 1ab462879c80cf50f202a7db72f3b01e53ac0e4a
--- gmid.c
+++ gmid.c
@@ -673,7 +673,7 @@ absolutify_path(const char *path)
 if (*path == '/')
 return strdup(path);
- wd = getwd(NULL);
+ wd = getcwd(NULL, 0);
 if (asprintf(&r, "%s/%s", wd, path) == -1)
 err(1, "asprintf");
 free(wd);
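Review bot: The result of `getcwd(NULL, 0)` in the gmid.c hunk is handed to `asprintf` unchecked on the next line, so a NULL return (the working directory was removed or is unreadable, or the allocation failed) reaches the `%s` conversion, which is undefined behaviour and on some libcs silently yields a `(null)/...` path instead of an absolute one. The function already exits through `err(1, "asprintf")` on failure, so the same treatment fits here: `if ((wd = getcwd(NULL, 0)) == NULL) err(1, "getcwd");`. A short comment such as `/* getcwd(NULL, 0) allocates the buffer (extension to POSIX); freed below */` would record why the NULL-buffer form is used and who owns `wd`. absolutify_path begins before and continues after this hunk, so how callers treat the returned string is not visible here.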