On OpenBSD, don't enable sendmail if email notifications are disabled.

default 2024-04-02 17:44:27 +02:00
parent b8975b472d
commit b6f8d8e900

13
data.c

@ -117,18 +117,27 @@ int srv_open(char *basedir, int auto_upgrade)
srv_debug(1, xs_dup("OpenBSD security disabled by admin")); srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
} }
else { else {
int smail = xs_type(xs_dict_get(srv_config, "disable_email_notifications")) != XSTYPE_TRUE;
srv_debug(1, xs_fmt("Calling unveil()")); srv_debug(1, xs_fmt("Calling unveil()"));
unveil(basedir, "rwc"); unveil(basedir, "rwc");
unveil("/tmp", "rwc"); unveil("/tmp", "rwc");
unveil("/usr/sbin/sendmail", "x");
unveil("/etc/resolv.conf", "r"); unveil("/etc/resolv.conf", "r");
unveil("/etc/hosts", "r"); unveil("/etc/hosts", "r");
unveil("/etc/ssl/openssl.cnf", "r"); unveil("/etc/ssl/openssl.cnf", "r");
unveil("/etc/ssl/cert.pem", "r"); unveil("/etc/ssl/cert.pem", "r");
unveil("/usr/share/zoneinfo", "r"); unveil("/usr/share/zoneinfo", "r");
if (smail)
unveil("/usr/sbin/sendmail", "x");
unveil(NULL, NULL); unveil(NULL, NULL);
srv_debug(1, xs_fmt("Calling pledge()")); srv_debug(1, xs_fmt("Calling pledge()"));
pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
if (smail)
pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
else
pledge("stdio rpath wpath cpath flock inet proc dns fattr", NULL);
} }
#endif /* __OpenBSD__ */ #endif /* __OpenBSD__ */
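Review bot: The results of the conditional `unveil("/usr/sbin/sendmail", "x")` and of both `pledge()` calls are discarded, so if one of them fails the server keeps running with more access than the "Calling pledge()" debug line suggests. Checking the result, for example `if (pledge(..., NULL) == -1) srv_debug(1, xs_fmt("pledge() failed"));`, and deciding whether srv_open should report failure in that case would make the real sandbox state visible. The `smail` flag is read only once here and a pledge can only be narrowed afterwards, so a comment such as `/* changing disable_email_notifications needs a restart: without the exec promise an attempt to run sendmail is a pledge violation */` would save an admin a surprise; the no-email branch also keeps `proc`, which may be worth dropping if it was only needed to spawn sendmail (not visible from this hunk). srv_open starts and ends outside the hunk.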