From 95bb627ffbb5fcbf9462b5957d0cb25072d8c64e Mon Sep 17 00:00:00 2001 From: C. McEnroe Date: Sat, 23 Jan 2021 00:03:58 -0500 Subject: Separate kiosk mode from restrict mode Restrict mode will focus on sandboxing, while kiosk will continue to restrict IRC access through a public kiosk. Kiosk mode without restrict mode allows execution of man 1 catgirl with /help, assuming external sandboxing. The /list and /part commands are also added to the list of disabled commands in kiosk mode, since they are pointless without access to /join.
---
 chat.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'chat.c')
diff --git a/chat.c b/chat.c
index ebffe46..f455b35 100644
--- a/chat.c
+++ b/chat.c
@@ -159,7 +159,6 @@ static void sandbox(const char *trust, const char *cert, const char *priv) {
 const char *path;
 const char *perm;
 } paths[] = {
- { "/usr/bin/man", "x" },
 { "/usr/share/terminfo", "r" },
 { tls_default_ca_cert_file(), "r" },
 { NULL, NULL },
@@ -200,6 +199,7 @@ int main(int argc, char *argv[]) {
 { .val = 'C', .name = "copy", required_argument },
 { .val = 'H', .name = "hash", required_argument },
 { .val = 'I', .name = "highlight", required_argument },
+ { .val = 'K', .name = "kiosk", no_argument },
 { .val = 'N', .name = "notify", required_argument },
 { .val = 'O', .name = "open", required_argument },
 { .val = 'R', .name = "restrict", no_argument },
@@ -236,6 +236,7 @@ int main(int argc, char *argv[]) {
 break; case 'C': utilPush(&urlCopyUtil, optarg);
 break; case 'H': parseHash(optarg);
 break; case 'I': filterAdd(Hot, optarg);
+ break; case 'K': self.kiosk = true;
 break; case 'N': utilPush(&uiNotifyUtil, optarg);
 break; case 'O': utilPush(&urlOpenUtil, optarg);
 break; case 'R': self.restricted = true;
@@ -325,7 +326,8 @@ int main(int argc, char *argv[]) {
 sig_t cursesWinch = signal(SIGWINCH, signalHandler);
 fcntl(irc, F_SETFD, FD_CLOEXEC);
- if (!self.restricted) {
+ bool pipes = !self.kiosk && !self.restricted;
+ if (pipes) {
 int error = pipe(utilPipe);
 if (error) err(EX_OSERR, "pipe");
@@ -345,7 +347,7 @@ int main(int argc, char *argv[]) {
 { .events = POLLIN, .fd = execPipe[0] },
 };
 while (!self.quit) {
- int nfds = poll(fds, (self.restricted ? 2 : ARRAY_LEN(fds)), -1);
+ int nfds = poll(fds, (pipes ? ARRAY_LEN(fds) : 2), -1);
 if (nfds < 0 && errno != EINTR) err(EX_IOERR, "poll");
 if (nfds > 0) {
 if (fds[0].revents) uiRead();
-- cgit 1.4.1-2-gfad0
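Review bot: The `fcntl(irc, F_SETFD, FD_CLOEXEC)` call kept as context just above the new `bool pipes` line ignores its return value, so a failure to set close-on-exec on the IRC socket goes unnoticed. The commit message says kiosk mode without restrict mode still allows /help to execute man under an external sandbox, and in that case a failed call would let the child inherit the live IRC connection. Checking it the same way as the `pipe()` call below would close that gap: `if (fcntl(irc, F_SETFD, FD_CLOEXEC) < 0) err(EX_OSERR, "fcntl");`. The body of main starts and ends outside this hunk, so whether other descriptors get the same treatment cannot be seen from here.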
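Review bot: The literal `2` in `poll(fds, (pipes ? ARRAY_LEN(fds) : 2), -1)` silently depends on the two non-pipe entries staying first in `fds`, whose initializer begins outside this hunk. If the array is ever reordered or extended, kiosk and restrict modes would start polling a pipe entry that `pipe()` never filled, or stop polling a descriptor they need. A named count declared next to the array would make that coupling explicit, for example `enum { BaseFDs = 2 };` with `pipes ? ARRAY_LEN(fds) : BaseFDs` here. A one-line comment on `bool pipes` stating that both modes skip the utility and exec pipes would also help the next reader.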