From d939d0f09e44d8bee3fd8f1519deddeb20b804ef Mon Sep 17 00:00:00 2001 From: Omar Polo Date: Sun, 17 Jan 2021 09:33:45 +0000 Subject: [PATCH] switch to getcwd --- README.md | 7 +++++-- gmid.c | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 334315b..4cbaa86 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,9 @@ even if the presence of a sandbox. On OpenBSD, the listener process runs with the `stdio recvfd rpath inet` pledges and has `unveil(2)`ed only the directories that it -serves; the executor has `stdio sendfd proc exec` as pledges. +serves. Furthermore, the executor process has `stdio sendfd proc exec` +as pledges. -On FreeBSD, the executor process is sandboxed with `capsicum(4)`. +On FreeBSD, the listener process is sandboxed with `capsicum(4)`. + +On linux, a seccomp filter is installed for the listener process. diff --git a/gmid.c b/gmid.c index 56250f4..1ab4628 100644 --- a/gmid.c +++ b/gmid.c @@ -673,7 +673,7 @@ absolutify_path(const char *path) if (*path == '/') return strdup(path); - wd = getwd(NULL); + wd = getcwd(NULL, 0); if (asprintf(&r, "%s/%s", wd, path) == -1) err(1, "asprintf"); free(wd);