View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] |
ID | Project | Category | View Status | Date Submitted | Last Update |
0003653 | Doomseeker | [All Projects] Security | public | 2019-05-30 06:29 | 2019-05-30 11:12 |
|
Reporter | WubTheCaptain | |
Assigned To | Pol M | |
Priority | none | Severity | feature | Reproducibility | always |
Status | assigned | Resolution | open | |
Platform | | OS | OpenBSD | OS Version | 6.4 |
Product Version | 1.2 | |
Target Version | | Fixed in Version | | |
|
Summary | 0003653: unveil(2) is not yet supported |
Description | If 0003499 is going to happen, then it'd be nice if Doomseeker and Wadseeker supported unveil(2) on OpenBSD 6.4 and later to reduce visibility of the full filesystem to a minimum required. (No good reason why a program should be able to read ~/.ssh/ for example.) |
Steps To Reproduce | Doomseeker (and Wadseeker) should be able to access the Doomseeker user config directory, cache directory and WAD paths, no more.
As of reporting this issue, both have full access to the filesystem. |
Additional Information | 'https://man.openbsd.org/unveil.2 [^]'
'https://www.openbsd.org/papers/bsdcan2019-unveil/index.html [^]' |
|
Attached Files | |
|