Hi Rodrigo,
On Sat, 20 Jul 2024 16:34:47 +0200
Rodrigo Arias <[email protected]> wrote:
> >+ if (unveil("/home", "rwc") == -1) {
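Review bot: `unveil("/home", "rwc")` exposes every home directory on the system, not only the current user's, with read, write and create rights; narrow it to the paths the browser actually needs, for example the Dillo config directory and the downloads directory, each with its own `unveil()` call and the smallest permission string that works (`"r"` for read-only paths, `"x"` for anything it must execve such as dpid), and finish with `unveil(NULL, NULL)` so the list cannot be widened later in the process lifetime.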
>
> We may want to constrain this a bit further, so a malicious actor
> cannot read anything from /home/.config. Maybe only /home/.dillo and
> the downloads directory would be suitable?
Absolutely, that was my initial intention, but just wanted to keep the
example patch as simple as possible. There are a number of things in
$HOME which we probably don't want the browser having access to.
> >+ if (pledge("stdio rpath wpath cpath inet unix dns tty proc
> >prot_exec",
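Review bot: the promise list has `proc` and `prot_exec` but no `exec`, so the fork is permitted while the execve of dpid is not, and the process is killed with an uncatchable SIGABRT on the first attempt; add `exec` if plugins are expected to work without a pre-started dpid. The literal is also wrapped across two lines here, presumably by the mail client, so confirm the committed line is a single string.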
>
> Does this work with plugins, when the dpid daemon is not running, as
> I believe it has to fork and exec the dpid program?
I started with a mindset of "what's the bare minimum of permissions we
can get away with". But it's clear that we would need "exec" as well for
full functionality.
At some point I may try to submit an improved patch to the OpenBSD ports
maintainers. Unfortunately that won't do much for users of Linux and
other systems.
-Alex
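An added example, not code from the patch or from Dillo itself, putting the two points of this exchange together: the unveil set narrowed to a config directory and a downloads directory, the dpid binary exposed only as executable, and the promise list with "exec" added. It assumes a ~/.dillo config location and that the caller supplies the downloads and dpid paths; on systems without unveil/pledge it only validates the paths.

```c
#include <stdio.h>
#include <string.h>
#ifdef __OpenBSD__
#include <err.h>
#include <unistd.h>   /* unveil(2) and pledge(2) */
#endif

/* Promise set from the patch plus "exec": spawning dpid needs fork (proc)
 * and execve (exec); prot_exec only covers mmap(PROT_EXEC), e.g. dlopen. */
static const char DILLO_PROMISES[] =
    "stdio rpath wpath cpath inet unix dns tty proc exec prot_exec";

/* Build "<home>/.dillo" (assumed config location).
 * Returns 0, or -1 if the result does not fit in buf. */
static int dillo_config_dir(const char *home, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%s/.dillo", home);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Narrow the filesystem view to what the browser needs, then pledge.
 * download_dir and dpid_path are assumed inputs (the thread names no paths).
 * Without unveil/pledge this validates the config path and returns 0. */
static int dillo_sandbox(const char *home, const char *download_dir,
                         const char *dpid_path)
{
    char cfg[1024];
    if (dillo_config_dir(home, cfg, sizeof cfg) == -1)
        return -1;
#ifdef __OpenBSD__
    /* Only these two directories get write/create rights; the rest of
     * /home, including ~/.ssh and ~/.config, stays invisible. */
    if (unveil(cfg, "rwc") == -1) err(1, "unveil %s", cfg);
    if (unveil(download_dir, "rwc") == -1) err(1, "unveil %s", download_dir);
    /* The plugin helper must be readable and executable, nothing more. */
    if (unveil(dpid_path, "rx") == -1) err(1, "unveil %s", dpid_path);
    /* Lock the list: no later unveil() call can expose further paths. */
    if (unveil(NULL, NULL) == -1) err(1, "unveil lock");
    if (pledge(DILLO_PROMISES, NULL) == -1) err(1, "pledge");
#else
    (void)download_dir; (void)dpid_path;
#endif
    return 0;
}
```

Any other file Dillo opens after startup (system configuration, fonts) needs its own unveil entry before the lock, which is why the list should be built from a trace of the real program rather than guessed.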
_______________________________________________
Dillo-dev mailing list -- [email protected]
To unsubscribe send an email to [email protected]