From 1ab7c96bb305e818b5dfa3b525d5ff635ad12a0a Mon Sep 17 00:00:00 2001
From: Omar Polo <op@omarpolo.com>
Date: Tue, 6 Sep 2022 16:24:45 +0000
Subject: [PATCH] gc sandbox_executor_process

---
 gmid.h    |  1 -
 sandbox.c | 77 -------------------------------------------------------
 2 files changed, 78 deletions(-)

diff --git a/gmid.h b/gmid.h
index c3ba049..f9056f0 100644
--- a/gmid.h
+++ b/gmid.h
@@ -368,7 +368,6 @@ void		 fcgi_req(struct client *);
 
 /* sandbox.c */
 void		 sandbox_server_process(void);
-void		 sandbox_executor_process(void);
 void		 sandbox_logger_process(void);
 
 /* utf8.c */
diff --git a/sandbox.c b/sandbox.c
index 45f175d..78fc079 100644
--- a/sandbox.c
+++ b/sandbox.c
@@ -26,13 +26,6 @@ sandbox_server_process(void)
 	return;
 }
 
-void
-sandbox_executor_process(void)
-{
-	log_notice(NULL, "Sandbox disabled!  "
-	    "Please report issues upstream instead of disabling the sandbox.");
-}
-
 void
 sandbox_logger_process(void)
 {
@@ -50,16 +43,6 @@ sandbox_server_process(void)
 		fatal("cap_enter");
 }
 
-void
-sandbox_executor_process(void)
-{
-	/*
-	 * We cannot capsicum the executor process because it needs to
-	 * fork(2)+execve(2) cgi scripts
-	 */
-	return;
-}
-
 void
 sandbox_logger_process(void)
 {
@@ -580,18 +563,6 @@ sandbox_server_process(void)
 		    __func__, strerror(errno));
 }
 
-void
-sandbox_executor_process(void)
-{
-	/*
-	 * We cannot use seccomp for the executor process because we
-	 * don't know what the child will do.  Also, our filter will
-	 * be inherited so the child cannot set its own seccomp
-	 * policy.
-	 */
-	return;
-}
-
 void
 sandbox_logger_process(void)
 {
@@ -642,48 +613,6 @@ sandbox_server_process(void)
 		fatal("pledge");
 }
 
-void
-sandbox_executor_process(void)
-{
-	struct vhost	*h;
-	struct location	*l;
-	struct fcgi	*f;
-	size_t		 i;
-
-	TAILQ_FOREACH(h, &hosts, vhosts) {
-		TAILQ_FOREACH(l, &h->locations, locations) {
-			if (l->dir == NULL)
-				continue;
-
-			/* r so we can chdir into the directory */
-			if (unveil(l->dir, "rx") == -1)
-				fatal("unveil %s for domain %s",
-				    l->dir, h->domain);
-		}
-	}
-
-	for (i = 0; i < FCGI_MAX; i++) {
-		f = &fcgi[i];
-		if (f->path != NULL) {
-			if (unveil(f->path, "rw") == -1)
-				fatal("unveil %s", f->path);
-		}
-
-		if (f->prog != NULL) {
-			if (unveil(f->prog, "rx") == -1)
-				fatal("unveil %s", f->prog);
-		}
-	}
-
-	/*
-	 * rpath: to chdir into the correct directory
-	 * proc exec: CGI
-	 * dns inet unix: FastCGI
-	 */
-	if (pledge("stdio rpath sendfd proc exec dns inet unix", NULL))
-		err(1, "pledge");
-}
-
 void
 sandbox_logger_process(void)
 {
@@ -701,12 +630,6 @@ sandbox_server_process(void)
 	return;
 }
 
-void
-sandbox_executor_process(void)
-{
-	log_notice(NULL, "no sandbox method known for this OS");
-}
-
 void
 sandbox_logger_process(void)
 {