mirror of https://codeberg.org/grunfink/snac2.git
Compare commits
2 Commits
b8975b472d
...
a0429d4699
Author | SHA1 | Date |
---|---|---|
default | a0429d4699 | |
default | b6f8d8e900 |
|
@ -8,6 +8,8 @@ Fixed a bug that caused some notifications to be lost when coming from a user in
|
|||
|
||||
Added an additional check for blocked instances.
|
||||
|
||||
On OpenBSD, if the `disable_email_notifications` server flag is set to `true`, `unveil()` is not called for the execution of the `/usr/sbin/sendmail` binary and `pledge()` doesn't set the `exec` promise.
|
||||
|
||||
## 2.50
|
||||
|
||||
Incoming posts can now be filtered out by content using regular expressions on a server level (these regexes are written in the `filter_reject.txt` file at the server base directory; see `snac(5)` and `snac(8)`).
|
||||
|
|
13
data.c
13
data.c
|
@ -117,18 +117,27 @@ int srv_open(char *basedir, int auto_upgrade)
|
|||
srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
|
||||
}
|
||||
else {
|
||||
int smail = xs_type(xs_dict_get(srv_config, "disable_email_notifications")) != XSTYPE_TRUE;
|
||||
|
||||
srv_debug(1, xs_fmt("Calling unveil()"));
|
||||
unveil(basedir, "rwc");
|
||||
unveil("/tmp", "rwc");
|
||||
unveil("/usr/sbin/sendmail", "x");
|
||||
unveil("/etc/resolv.conf", "r");
|
||||
unveil("/etc/hosts", "r");
|
||||
unveil("/etc/ssl/openssl.cnf", "r");
|
||||
unveil("/etc/ssl/cert.pem", "r");
|
||||
unveil("/usr/share/zoneinfo", "r");
|
||||
|
||||
if (smail)
|
||||
unveil("/usr/sbin/sendmail", "x");
|
||||
|
||||
unveil(NULL, NULL);
|
||||
srv_debug(1, xs_fmt("Calling pledge()"));
|
||||
pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
|
||||
|
||||
if (smail)
|
||||
pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
|
||||
else
|
||||
pledge("stdio rpath wpath cpath flock inet proc dns fattr", NULL);
|
||||
}
|
||||
#endif /* __OpenBSD__ */
|
||||
|
||||
|
|
Loading…
Reference in New Issue