mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 15:17:36 +00:00
pls: Drastically simplify this program
Since this program is setuid-root, it should be as simple as possible. To that end, remove `/etc/plsusers` and use filesystem permissions to achieve the same thing. `/bin/pls` is now only executable by `root` or members of the `wheel` group. Also remove all the logic that went to great lengths to `unveil()` a minimal set of filesystem paths that may be used for the command. The complexity-to-benefit ratio did not seem justified, and I think we're better off keeping this simple. Finally, remove pledge promises the moment they are no longer needed.
This commit is contained in:
parent
dfd988707c
commit
33f2eeea4a
4 changed files with 43 additions and 184 deletions
|
@ -1,4 +0,0 @@
|
|||
# plsusers file
|
||||
# Put any users you want to allow to run programs as root here
|
||||
root
|
||||
anon
|
Loading…
Add table
Add a link
Reference in a new issue