On Sun, Jun 23, 2019 at 01:43:17PM +0200, Jeremie Courreges-Anglas wrote:
>
> Here's a review. Among the pledge promises there's "proc exec".
> There's also an unveil("/usr/local/bin", "rx") call. Is this because of
> gpgme executing gnupg2?
>
> If my guesses are right, I would suggest a few changes. First,
> /usr/local/bin shouldn't be hardcoded, second, the order of the pledge
> promises doesn't help review. This is addressed by the updated diff
> below.
>
> There are still open questions, I think. Does gpgme respect PATH? Does
> it allow the user to override the executed gnupg program?
>
> Another problem is you can't use a password_file that is not under $HOME,
> since mcds is the program opening said file.

Hi Jeremie,

Many thanks for the review, suggestions and raising important questions I had not thought of!

Yes, gpgme `forks()` to do most operations. I'm pretty sure gpgme gets its information from `gpgconf`, an executable, that is in /usr/local/bin (thanks for highlighting $LOCALBASE!). I will need to dig into this and see if it respects PATH and if it can be overridden.

Ah, yes, good point regarding a password_file not under $HOME. OK, I'll think of a way around this. First idea that comes to mind is to call `unveil()` on this file after reading it from the rc file. I'll have to investigate.

Once again, many thanks!

Regards

Timothy