commit b6f8d8e900fd7db1e8ffa886976f9ae4d520ba25
parent b8975b472d5668a8f56347077ff7262ef21be2cb
Author: default <nobody@localhost>
Date: Tue, 2 Apr 2024 17:44:27 +0200
On OpenBSD, don't enable sendmail if email notifications are disabled.
Diffstat:
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/data.c b/data.c
@@ -117,18 +117,27 @@ int srv_open(char *basedir, int auto_upgrade)
srv_debug(1, xs_dup("OpenBSD security disabled by admin"));
}
else {
+ int smail = xs_type(xs_dict_get(srv_config, "disable_email_notifications")) != XSTYPE_TRUE;
+
srv_debug(1, xs_fmt("Calling unveil()"));
unveil(basedir, "rwc");
unveil("/tmp", "rwc");
- unveil("/usr/sbin/sendmail", "x");
unveil("/etc/resolv.conf", "r");
unveil("/etc/hosts", "r");
unveil("/etc/ssl/openssl.cnf", "r");
unveil("/etc/ssl/cert.pem", "r");
unveil("/usr/share/zoneinfo", "r");
+
+ if (smail)
+ unveil("/usr/sbin/sendmail", "x");
+
unveil(NULL, NULL);
srv_debug(1, xs_fmt("Calling pledge()"));
- pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
+
+ if (smail)
+ pledge("stdio rpath wpath cpath flock inet proc exec dns fattr", NULL);
+ else
+ pledge("stdio rpath wpath cpath flock inet proc dns fattr", NULL);
}
#endif /* __OpenBSD__ */
