commit c3be99bcf4989118e9ec7cc6a4f05b0842029122
parent 3d18a32d477f8932ba0b296af2a9b3b91d50b996
Author: default <nobody@localhost>
Date: Mon, 6 Jan 2025 07:33:23 +0100
Fixed sandboxing of the unix socket.
Diffstat:
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sandbox.c b/sandbox.c
@@ -63,8 +63,14 @@ LL_BEGIN(sbox_enter_linux_, const char* basedir, const char *address, int smail)
if (mtime("/etc/pki") > 0)
LL_PATH("/etc/pki", rf );
- if (*address == '/')
- LL_PATH(address, s);
+ if (*address == '/') {
+ /* the directory holding the socket must be allowed */
+ xs *l = xs_split(address, "/");
+ l = xs_list_del(l, -1);
+ xs *sdir = xs_join(l, "/");
+
+ LL_PATH(sdir, s);
+ }
if (smail)
LL_PATH("/usr/sbin/sendmail", x);
