emikulic / darkhttpd

When you need a web server in a hurry.
https://unix4lyfe.org/darkhttpd/
ISC License

Support FreeBSD 14+ chroot as non-root feature #38

Closed hhartzer closed 8 months ago

hhartzer commented 9 months ago

FreeBSD 14.0 introduced a new feature allowing for chroot as non-root. This might be nice to use here.

https://cgit.freebsd.org/src/commit/?id=a40cf4175c90

It seems fairly straightforward.

+   if (nonpriviledged) {
+       arg = PROC_NO_NEW_PRIVS_ENABLE;
+       error = procctl(P_PID, getpid(), PROC_NO_NEW_PRIVS_CTL, &arg);
+       if (error != 0)
+           err(1, "procctl");
+   }
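
Review bot: the `procctl()` call on the third line uses `PROC_NO_NEW_PRIVS_CTL` and `PROC_NO_NEW_PRIVS_ENABLE` behind only the runtime `nonpriviledged` test, so as written it builds only where those constants are defined. Carried into a portable program, the block needs a compile-time guard around it, for example `#ifdef PROC_NO_NEW_PRIVS_CTL`, with the existing behaviour kept when the guard is false. The declarations of `arg` and `error` are not in the visible lines and would have to come with it, and the flag name is misspelled (`nonprivileged`) if it is reused.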

This might be wise to run (most of the time) even as root.

emikulic commented 9 months ago

I'd be willing to merge a patch that did this. There's probably a set of #ifdefs that could detect FreeBSD 14+.

hhartzer commented 9 months ago

Sounds good, I can try to do that. Thanks!