pls: Drastically simplify this program

Since this program is setuid-root, it should be as simple as possible. To that end, remove `/etc/plsusers` and use filesystem permissions to achieve the same thing. `/bin/pls` is now only executable by `root` or members of the `wheel` group. Also remove all the logic that went to great lengths to `unveil()` a minimal set of filesystem paths that may be used for the command. The complexity-to-benefit ratio did not seem justified, and I think we're better off keeping this simple. Finally, remove pledge promises the moment they are no longer needed.
2025-07-26 06:37:35 +00:00 · 2021-05-30 22:06:28 +02:00 · 2021-05-30 22:06:28 +02:00 · 33f2eeea4a
commit 33f2eeea4a
parent dfd988707c
4 changed files with 43 additions and 184 deletions
--- a/Meta/build-root-filesystem.sh
+++ b/Meta/build-root-filesystem.sh
@ -50,9 +50,6 @@ chmod 660 mnt/etc/WindowServer.ini
 chown $window_uid:$window_gid mnt/etc/WindowServer.ini
 echo "/bin/sh" > mnt/etc/shells

-chmod 0400 mnt/etc/plsusers
-chown 0:0 mnt/etc/plsusers
-
 chown 0:$wheel_gid mnt/bin/su
 chown 0:$wheel_gid mnt/bin/passwd
 chown 0:$wheel_gid mnt/bin/ping
@ -66,8 +63,8 @@ chown 0:0 mnt/res/kernel.map
 chmod 0400 mnt/res/kernel.map
 chmod 0400 mnt/boot/Kernel
 chmod 4750 mnt/bin/su
+chmod 4750 mnt/bin/pls
 chmod 4755 mnt/bin/passwd
-chmod 4751 mnt/bin/pls
 chmod 4755 mnt/bin/ping
 chmod 4755 mnt/bin/traceroute
 chmod 4750 mnt/bin/reboot