| commit | a9a48d93a276ff55f1ad9902dd84b77c899fd027 | |
| author | Stefan Sperling <stsp@stsp.name> | |
| Wed, 17 Apr 2024 17:32:23 +0000 (17 17:32 +0000) | ||
| committer | Thomas Adam <thomas.adam22@gmail.com> | |
| Thu, 25 Apr 2024 14:57:36 +0000 (25 15:57 +0100) | ||
| tree | 8b3558f67ed9f9deeb274ae0c223891c321f288a | treesnapshot (tar.gz zip) |
| parent | e9495ffd168087aa382d316bfd6d75f2082b462e | commitdiff |
use unveil to restrict filesystem access of got-fetch-http
With HTTPS we only need to be able to read /etc/ssl/cert.pem.
With plaintext HTTP no filesystem access is needed at all.
With HTTPS we only need to be able to read /etc/ssl/cert.pem.
With plaintext HTTP no filesystem access is needed at all.
| libexec/got-fetch-http/got-fetch-http.c | diffblobblamehistory |