commit ee448f5f104f873da32b5aa9139702b0377ebf3f
from: Stefan Sperling
date: Wed Mar 18 16:13:47 2020 UTC
apply unveil(2) to 'got clone'
commit - 39c64a6a2cfff98be2b336a33ea1c33d74c1be9d
commit + ee448f5f104f873da32b5aa9139702b0377ebf3f
blob - a4c3339d7e06663040ec5665f146a4766066ced6
blob + 294153fb62870c454e30ddbf7055af7975cc7ae0
--- got/got.c
+++ got/got.c
@@ -1121,6 +1121,17 @@ cmd_clone(int argc, char *argv[])
 if (error)
 goto done;
+ if (strcmp(proto, "git+ssh") == 0 || strcmp(proto, "ssh") == 0) {
+ if (unveil(GOT_FETCH_PATH_SSH, "x") != 0) {
+ error = got_error_from_errno2("unveil",
+ GOT_FETCH_PATH_SSH);
+ goto done;
+ }
+ }
+ error = apply_unveil(got_repo_get_path(repo), 0, NULL);
+ if (error)
+ goto done;
+
 error = got_fetch_connect(&fetchfd, proto, host, port, server_path);
 if (error)
 goto done;
blob - f81637bef69919b12186fd2f50b4057a22217788
blob + c7d34a72ffb35176dd30e436cdd4254a019ffce7
--- include/got_fetch.h
+++ include/got_fetch.h
@@ -18,6 +18,10 @@
 #define GOT_DEFAULT_GIT_PORT 9418
 #define GOT_DEFAULT_GIT_PORT_STR "9418"
+#ifndef GOT_FETCH_PATH_SSH
+#define GOT_FETCH_PATH_SSH "/usr/bin/ssh"
+#endif
+
 /*
  * Attempt to parse a URI into the following parts:
  * A protocol scheme, hostname, port number (as a string), path on server,
blob - 5ba32f3fcccff288621460ea6a7754a3b239b994
blob + f5838d2c1bad6f108584c87b669ba6ccd51e1ee6
--- lib/fetch.c
+++ lib/fetch.c
@@ -108,8 +108,9 @@ dial_ssh(int *fetchfd, const char *host, const char *p
 n = snprintf(cmd, sizeof(cmd), "git-%s-pack", direction);
 if (n < 0 || n >= sizeof(cmd))
 err(1, "snprintf");
- if (execlp("ssh", "ssh", host, cmd, path, NULL) == -1)
- err(1, "execlp");
+ if (execl(GOT_FETCH_PATH_SSH, GOT_FETCH_PATH_SSH,
+ host, cmd, path, NULL) == -1)
+ err(1, "execl");
 abort(); /* not reached */
 } else {
 close(pfd[0]);
blob - d271edae5641fdd75539b8140f6d33a7f9ac7edb
blob + d53de8818b0c88fe4d933db6ea92d3a691ec9f2d
--- lib/privsep.c
+++ lib/privsep.c
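Review bot: Nothing in the block added to cmd_clone says why the ssh unveil must come before apply_unveil(), and the order looks load-bearing. If apply_unveil() ends by disabling further unveil(2) calls (its body is not visible here), moving the ssh block below it would make ssh clones fail at exec time. I would add a comment above the `if (strcmp(proto, "git+ssh") == 0 ...` line, such as `/* Unveil ssh(1) first: apply_unveil() is expected to lock the unveil list. */`. The scheme test also repeats whatever got_fetch_connect() uses to select the ssh transport, so the two need to be kept in step. cmd_clone starts and ends outside the hunk.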
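Review bot: The new GOT_FETCH_PATH_SSH default in include/got_fetch.h has no comment, and the `#ifndef` invites a build-time override without saying which values are valid. The same string is handed to unveil(2) in cmd_clone and to execl() in dial_ssh, neither of which searches PATH, so a relative value would be resolved against the current directory. I would document this above the `#ifndef`: `/* Absolute path of the ssh(1) binary; passed unchanged to unveil(2) and execl(3). Override at build time. */`.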
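Review bot: `host` is still passed to ssh as a plain argument in the new execl() call, with nothing marking the end of options. A host string beginning with `-` would therefore be read by ssh as an option, unless the URI parser already rejects it, which this hunk does not show. Switching to an absolute path removes the PATH lookup but does not cover this. Either reject such hosts before dial_ssh is reached, or end option parsing in the call itself: `if (execl(GOT_FETCH_PATH_SSH, GOT_FETCH_PATH_SSH, "--",` followed by `host, cmd, path, NULL) == -1)`. dial_ssh starts and ends outside the hunk.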
@@ -2216,6 +2216,8 @@ got_privsep_unveil_exec_helpers(void)
 GOT_PATH_PROG_READ_BLOB,
 GOT_PATH_PROG_READ_TAG,
 GOT_PATH_PROG_READ_GITCONFIG,
+ GOT_PATH_PROG_FETCH_PACK,
+ GOT_PATH_PROG_INDEX_PACK,
 };
 int i;