commit - e9495ffd168087aa382d316bfd6d75f2082b462e
commit + a9a48d93a276ff55f1ad9902dd84b77c899fd027
blob - f1cf123c468f636b6b2290fd62ca8e6b179ab5ac
blob + 384f347b929513263e880df54a09a6ba700b089e
--- libexec/got-fetch-http/got-fetch-http.c
+++ libexec/got-fetch-http/got-fetch-http.c
int ch;
#if !DEBUG_HTTP || defined(PROFILE)
- if (pledge("stdio rpath inet dns", NULL) == -1)
+ if (pledge("stdio rpath inet dns unveil", NULL) == -1)
err(1, "pledge");
#endif
https = strcmp(argv[0], "https") == 0;
#ifndef PROFILE
- if (!https) {
+ if (https) {
+ if (unveil("/etc/ssl/cert.pem", "r") == -1)
+ err(1, "unveil /etc/ssl/cert.pem");
+ } else {
/* drop "rpath" */
- if (pledge("stdio inet dns", NULL) == -1)
+ if (pledge("stdio inet dns unveil", NULL) == -1)
err(1, "pledge");
}
+#else
+ if (unveil("gmon.out", "rwc") != 0)
+ err(1, "unveil gmon.out");
#endif
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil NULL");
+
host = argv[1];
port = argv[2];
path = argv[3];