1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 15:17:36 +00:00

pls: Drastically simplify this program

Since this program is setuid-root, it should be as simple as possible.

To that end, remove `/etc/plsusers` and use filesystem permissions to
achieve the same thing. `/bin/pls` is now only executable by `root` or
members of the `wheel` group.

Also remove all the logic that went to great lengths to `unveil()` a
minimal set of filesystem paths that may be used for the command.
The complexity-to-benefit ratio did not seem justified, and I think
we're better off keeping this simple.

Finally, remove pledge promises the moment they are no longer needed.
This commit is contained in:
Andreas Kling 2021-05-30 22:06:28 +02:00
parent dfd988707c
commit 33f2eeea4a
4 changed files with 43 additions and 184 deletions

View file

@ -1,4 +0,0 @@
# plsusers file
# Put any users you want to allow to run programs as root here
root
anon