August 2024 - Dillo-dev - lists.mailman3.com

scroll_step description
by Kevin Koster 18 Oct '24

18 Oct '24

There's a new "scroll_step" option in the example configuration file for 3.1.0-rc1. The comment "Mouse wheel scroll step in pixels" suggests that this only affects the mouse wheel, but it also changes the distance the page moves when the arrow keys are pressed and the overlap of previous page content that's left when you press Page Up/Down. I think that's a little confusing, especially as the value has changed since the default behaviour in 3.0.5 (the old value seems to have been about 25).

2 6

Issues with HTTP multipart/form-data file upload
by Xavier Del Campo Romero 02 Sep '24

02 Sep '24

Hello Dillo dev community, I am testing support among web browsers for slcl [1], a JS-less minimalist web storage solution. slcl relies on "multipart/form-data"-encoded HTTP requests to upload files to a server. Whereas Dillo helped me to uncover a few wrong assumptions on my code, I have realised a few issues on Dillo itself related to filue uploads that should be considered. Issue #1: While Dillo is fine uploading small files (up to a few MiB), things go wrong with larger files, so much that memory usage increases up to multiple GiB and can even lock the system up. This is because Dillo is designed to send requests always from memory, which means file contents must be dumped into memory first, and this might be unfeasible for large files. Suggestion: Instead, Dillo should ideally send file contents on-the-fly, so that memory usage is kept to a minimum regardless the file size. Issue #2: Even if Dillo generates a 70-byte, random boundary string (yet mostly filled with '-', similarly to Firefox [2]), it ensures it is not found anywhere inside the file contents. Again, this can be a serious bottleneck in the case of large files, as it requires to scan the whole file for a match. Suggestion: Define *all* of the 70 bytes in the boundary string as random, and assume they would never be found inside a file. The chance of accidental collision is so low that it is not worth the effort into checking them. Suggested patches: - 0001-dialog.cc-Generate-more-random-boundaries.patch) Issue #3: Dillo only supports uploading 1 file at a time. This is mostly because it relies (probably temporarily?) on the a_Dialog_save_file function [3]. However, this is not a limitation on the HTTP protocol, and other implementation such as Firefox or Chromium-based browsers support this. Suggested patches: - 0002-dialog-Add-a_Dialog_select_files.patch - 0003-WIP-multi-file-uploads.patch Conclusions: Dillo seems designed to always send requests from memory, so it is not straightforward to break this assumption in order to support large file uploads. 0003-WIP-multi-file-uploads.patch is an incomplete first step into fixing this, but it surely needs deeper design changes. I did not put more effort into these patches for the time being because, after seeing the potential complexity behind this task, I thought it was a better idea to ask the community for feedback and guidelines. Thank you very much for reading. Best regards, Xavier Del Campo Romero [1]: https://gitea.privatedns.org/xavi/slcl [2]: https://github.com/dillo-browser/dillo/blob/8a360e32ac3136494a494379a6dbbac… [3]: https://github.com/dillo-browser/dillo/blob/8a360e32ac3136494a494379a6dbbac…

2 7

TLS connect error: "an EOF was observed that violates the protocol"
by a1ex＠dismail.de 01 Sep '24

01 Sep '24

Hi, Here are 2 separate issues: 1) socks5 proxy on 127.0.0.1:8080 not working. This is a proxy over ssh, for example: ssh -N -D 8080 user(a)example.com in dillorc: http_proxy="http://localhost:8080/" console output when trying to connect to a site: Connecting to 127.0.0.1:8080 CONNECT through proxy failed. Full reply not received: (nothing) ** WARNING **: CCC: call on already finished chain. Flags=CCC_Ended This setup works fine under Firefox. I tried doing a tcpdump while attempting the connection, and there is no activity. So, while trying to research this, I ran into another issue: 2) Any time I go to a page on this site, Dillo crashes with the following: Nav_open_url: new url='https://dillo-dev.auriga.wearlab.narkive.com/WT0JYUZq/dillo-won-t-resolve-u…' Dns_server [0]: dillo-dev.auriga.wearlab.narkive.com is 149.248.211.108 Connecting to 149.248.211.108:443 TLS connect error: "an EOF was observed that violates the protocol" Tls_close_by_key: Avoiding SSL shutdown for: https://dillo-dev.auriga.wearlab.narkive.com/WT0JYUZq/dillo-won-t-resolve-u… fd 6 is done and failed dillo(13689) in malloc(): write to free mem 0x60383b59140[24..31]@32 Abort trap gdb output: Program received signal SIGABRT, Aborted. thrkill () at /tmp/-:2 2 /tmp/-: No such file or directory. in /tmp/- This is on OpenBSD-current amd64 with LibreSSL 3.9.0, running an unmodified fresh checkout of Dillo master. Also tested on OpenBSD 7.5 with the same result. I tested the site with: https://www.ssllabs.com/ssltest/analyze.html?d=dillo-dev.auriga.wearlab.nar… There seem to be some handshake failures during the simulation. This probably is not be the fault of Dillo, but maybe there is a more graceful to handle this, rather than crashing. Even a test with curl has issues: curl: (35) LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to dillo-dev.auriga.wearlab.narkive.com:443 Is this site just broken/misconfigured? Regards, Alex

3 21

Firefox bookmarks plugin
by Rodrigo Arias 30 Aug '24

30 Aug '24

Hi, Here is another small plugin to sync bookmarks with Firefox Sync: https://github.com/dillo-browser/dillo-plugin-ffbm It uses the ffsclient program to connect to the Firefox Sync server and a few lines of shell script for plumbing. It replaces the builtin bookmarks plugin when installed, so all menu buttons work as expected. Best, Rodrigo

3 4

[PATCH] Dark theme for downloads.dpi
by a1ex＠dismail.de 25 Aug '24

25 Aug '24

Hi list, Here is a patch which provides a dark theme for downloads.dpi. Screenshot is attached. Maybe something like this could be a part of a future 'dark mode' option for Dillo. Feedback welcome! Regards, Alex --- a/dpi/downloads.cc Sun Aug 11 22:21:59 2024 +++ b/dpi/downloads.cc Wed Aug 21 13:13:41 2024 @@ -240,7 +240,7 @@ ProgressBar::ProgressBar(int x, int y, int w, int h, c mShowPct = true; mShowMsg = false; box(FL_THIN_UP_BOX); - color(FL_WHITE); + color(FL_YELLOW); } void ProgressBar::draw() @@ -259,16 +259,16 @@ void ProgressBar::draw() double pct = (mPresent - mMin) / mMax; r.w = r.w * pct + .5; - fl_rectf(r.x, r.y, r.w, r.h, FL_BLUE); + fl_rectf(r.x, r.y, r.w, r.h, FL_WHITE); if (mShowMsg) { - fl_color(FL_RED); + fl_color(FL_BLACK); fl_font(this->labelfont(), this->labelsize()); fl_draw(mMsg, x(), y(), w(), h(), FL_ALIGN_CENTER); } else if (mShowPct) { char buffer[30]; sprintf(buffer, "%d%%", int (pct * 100 + .5)); - fl_color(FL_RED); + fl_color(FL_BLACK); fl_font(this->labelfont(), this->labelsize()); fl_draw(buffer, x(), y(), w(), h(), FL_ALIGN_CENTER); } @@ -345,12 +345,14 @@ DLItem::DLItem(const char *full_filename, const char * WidgetDone = 0; WgetStatus = -1; - gw = 400, gh = 70; + gw = 420, gh = 85; group = new Fl_Group(0,0,gw,gh); group->begin(); + group->color(FL_BLACK); prTitle = new Fl_Box(24, 7, 290, 23); prTitle->box(FL_RSHADOW_BOX); - prTitle->color(FL_WHITE); + prTitle->color(FL_BLACK); + prTitle->labelcolor(FL_WHITE); prTitle->align(FL_ALIGN_LEFT|FL_ALIGN_INSIDE|FL_ALIGN_CLIP); prTitle->copy_label(shortname); // Attach this 'log_text' to the tooltip @@ -370,7 +372,7 @@ DLItem::DLItem(const char *full_filename, const char * o->tooltip("Downloaded Size"); prGot = new Fl_Box(ix,iy+14,iw,ih, "0KB"); prGot->align(FL_ALIGN_CENTER|FL_ALIGN_INSIDE); - prGot->labelcolor(FL_BLUE); + prGot->labelcolor(FL_YELLOW); prGot->labelsize(12); prGot->box(FL_NO_BOX); @@ -382,6 +384,7 @@ DLItem::DLItem(const char *full_filename, const char * o->tooltip("Total Size"); prSize = new Fl_Box(ix,iy+14,iw,ih, "??"); prSize->align(FL_ALIGN_CENTER|FL_ALIGN_INSIDE); + prSize->labelcolor(FL_DARK2); prSize->labelsize(12); prSize->box(FL_NO_BOX); @@ -393,6 +396,7 @@ DLItem::DLItem(const char *full_filename, const char * o->tooltip("Current transfer Rate (KBytes/sec)"); prRate = new Fl_Box(ix,iy+14,iw,ih, "??"); prRate->align(FL_ALIGN_CENTER|FL_ALIGN_INSIDE); + prRate->labelcolor(FL_DARK2); prRate->labelsize(12); prRate->box(FL_NO_BOX); @@ -404,6 +408,7 @@ DLItem::DLItem(const char *full_filename, const char * o->tooltip("Average transfer Rate (KBytes/sec)"); pr_Rate = new Fl_Box(ix,iy+14,iw,ih, "??"); pr_Rate->align(FL_ALIGN_CENTER|FL_ALIGN_INSIDE); + pr_Rate->labelcolor(FL_DARK2); pr_Rate->labelsize(12); pr_Rate->box(FL_NO_BOX); @@ -415,16 +420,19 @@ DLItem::DLItem(const char *full_filename, const char * o->tooltip("Estimated Time of Arrival"); prETA = new Fl_Box(ix,iy+14,iw,ih, "??"); prETA->align(FL_ALIGN_CENTER|FL_ALIGN_INSIDE); + prETA->labelcolor(FL_DARK2); prETA->labelsize(12); prETA->box(FL_NO_BOX); prButton = new Fl_Button(326, 9, 44, 19, "Stop"); prButton->tooltip("Stop this transfer"); prButton->box(FL_UP_BOX); + prButton->color(FL_DARK2); + prButton->labelcolor(FL_BLACK); prButton->clear_visible_focus(); prButton->callback(prButton_scb, this); - group->box(FL_ROUNDED_BOX); + group->box(FL_THIN_UP_BOX); group->end(); } @@ -1056,9 +1064,9 @@ DLWin::DLWin(int ww, int wh) { mScroll->resizable(mPG); mWin->end(); mWin->resizable(mScroll); - mWin->callback(dlwin_esc_cb, NULL); + mWin->callback(dlwin_esc_cb, NULL); mWin->show(); - + // Set SIGCHLD handlers sigemptyset(&mask_sigchld); sigaddset(&mask_sigchld, SIGCHLD);

2 6

[PATCH] dark mode for tooltips
by a1ex＠dismail.de 25 Aug '24

25 Aug '24

Hi, As part of an overall dark mode for Dillo, we could also consider the tooltips. Here is an example which I think looks reasonable: --- a/src/tipwin.cc Sun Aug 11 22:21:59 2024 +++ b/src/tipwin.cc Sat Aug 24 22:17:21 2024 @@ -40,7 +40,7 @@ static void recent_timeout(void*); */ TipWin::TipWin() : Fl_Menu_Window(1, 1) // will autosize { - bgcolor = fl_color_cube(FL_NUM_RED - 1, FL_NUM_GREEN - 1, FL_NUM_BLUE - 2); + bgcolor = FL_WHITE; recent = 0; tip[0] = '\0'; cur_widget = NULL; @@ -50,8 +50,8 @@ TipWin::TipWin() : Fl_Menu_Window(1, 1) // will au void TipWin::draw() { - draw_box(FL_BORDER_BOX, 0, 0, w(), h(), bgcolor); - fl_color(FL_BLACK); + draw_box(FL_BORDER_FRAME, 0, 0, w(), h(), bgcolor); + fl_color(FL_WHITE); fl_font(labelfont(), labelsize()); fl_draw(tip, 3, 3, w() - 6, h() - 6, //Fl_Align(FL_ALIGN_LEFT | FL_ALIGN_WRAP)); Note that 'ui_main_bg_color' needs to be set to the desired dark color first. Regards, Alex

2 1

[PATCH v4] unveil patch
by a1ex＠dismail.de 23 Aug '24

23 Aug '24

Hi, Here is an updated version of the unveil patch. I think almost everything on the to-do list was completed, except searching for a custom wget location. I don't see an especially easy way of doing that, and it seems an unlikely edge-case for someone to remove wget from the system default location. - Permissions have been tightened in dpis - Checking for AUTHORITY env, fallback to ~/.Xauthority - Prefs parser is aware of 'enable_unveil' - Fix some non-strict code warnings - dillorc 'enable_unveil' default setting - Formatting, whitespace fixes - ... I have done a fair amount of testing and it works for me. Unless there is any further feedback or interest, I will leave it as-is for now. Regards, Alex diff -upr a/configure.ac b/configure.ac --- a/configure.ac Sun Aug 11 22:21:59 2024 +++ b/configure.ac Tue Aug 20 19:08:02 2024 @@ -36,6 +36,11 @@ AC_ARG_ENABLE([insure], [enable_insure=$enableval], [enable_insure=no]) +AC_ARG_ENABLE([unveil], + [AS_HELP_STRING([--enable-unveil], [Build with support for unveil])], + [enable_unveil=$enableval], + [enable_unveil=no]) + AC_ARG_ENABLE([ipv6], [AS_HELP_STRING([--enable-ipv6], [Build with support for IPv6])], [enable_ipv6=$enableval], @@ -619,6 +624,9 @@ if test "x$enable_insure" = "xyes" ; then CC="insure -Zoi \"compiler $CC\"" LIBS="$LIBS -lstdc++-2-libc6.1-1-2.9.0" fi +if test "x$enable_unveil" = "xyes" ; then + AC_DEFINE([ENABLE_UNVEIL], [1], [Enable unveil]) +fi if test "x$enable_threaded_dns" = "xyes" ; then CFLAGS="$CFLAGS -DD_DNS_THREADED" fi @@ -726,4 +734,5 @@ _AS_ECHO([ GIF enabled : ${enable_gif}]) _AS_ECHO([ SVG enabled : ${enable_svg}]) _AS_ECHO([]) _AS_ECHO([ HTML tests : ${html_tests_ok}]) +_AS_ECHO([ unveil enabled : ${enable_unveil}]) _AS_ECHO([]) diff -upr a/dillorc b/dillorc --- a/dillorc Sun Aug 11 22:21:59 2024 +++ b/dillorc Tue Aug 20 19:08:02 2024 @@ -46,6 +46,9 @@ # height of the visible page area. #scroll_step=100 +# Enable unveil security feature (currently only available on OpenBSD) +#enable_unveil=NO + #------------------------------------------------------------------------- # RENDERING SECTION #------------------------------------------------------------------------- diff -upr a/dlib/dlib.c b/dlib/dlib.c --- a/dlib/dlib.c Sun Aug 11 22:21:59 2024 +++ b/dlib/dlib.c Tue Aug 20 19:08:02 2024 @@ -922,6 +922,100 @@ char *dGethomedir (void) } /** + * Return the save directory in a static string + */ +char *dGetsavedir (void) +{ + static char *dillorc = NULL; + dillorc = dStrconcat(dGethomedir(), "/", ".dillo/dillorc", NULL); + FILE *In; + int len; + char *rcline = NULL, *value = NULL, *p; + if ((In = fopen(dillorc, "r")) == NULL) { + DLIB_MSG("dGetsavedir: unable to open dillorc.\n"); + return (NULL); + } + while ((rcline = dGetline(In)) != NULL) { + if (strncmp(rcline, "save_dir", 8) == 0) + break; + dFree(rcline); + } + fclose(In); + if (!rcline) { + value = NULL; + DLIB_MSG("dGetsavedir: no 'save_dir' in dillorc..\n"); + } else { + len = (int) strlen(rcline); + if (len && rcline[len - 1] == '\n') + rcline[len - 1] = 0; + if ((p = strchr(rcline, '='))) { + while (*++p == ' '); + value = dStrdup(p); + } else { + value = NULL; + DLIB_MSG("dGetsavedir: error parsing value in dillorc.\n"); + } + } + dFree(rcline); + return (value); +} + +/** + * Return the enable_unveil value in a static string + */ +char *dGetenableunveil (void) +{ + static char *dillorc = NULL; + dillorc = dStrconcat(dGethomedir(), "/", ".dillo/dillorc", NULL); + FILE *In; + int len; + char *rcline = NULL, *value = NULL, *p; + if ((In = fopen(dillorc, "r")) == NULL) { + DLIB_MSG("dGetenableunveil: unable to open dillorc.\n"); + return (NULL); + } + while ((rcline = dGetline(In)) != NULL) { + if (strncmp(rcline, "enable_unveil", 13) == 0) + break; + dFree(rcline); + } + fclose(In); + if (!rcline) { + value = NULL; + DLIB_MSG("dGetenableunveil: no 'enable_unveil' in dillorc.\n"); + } else { + len = (int) strlen(rcline); + if (len && rcline[len - 1] == '\n') + rcline[len - 1] = 0; + if ((p = strchr(rcline, '='))) { + while (*++p == ' '); + value = dStrdup(p); + } else { + value = NULL; + DLIB_MSG("dGetenableunveil: error parsing value in dillorc.\n"); + } + } + dFree(rcline); + return (value); +} + +/** + * Use unveil on OpenBSD + */ +void *dUnveil(const char *path, const char *perm) +{ + #ifdef ENABLE_UNVEIL + #ifdef __OpenBSD__ + int unveil(const char *path, const char *permissions); + if (unveil(path, perm) == -1) { + DLIB_MSG("unveil(%s, %s) failed: %s\n", path, perm, strerror(errno)); + exit(1); + } + #endif + #endif +} + +/** * Get a line from a FILE stream. * Return value: read line on success, NULL on EOF. */ diff -upr a/dlib/dlib.h b/dlib/dlib.h --- a/dlib/dlib.h Sun Aug 11 22:21:59 2024 +++ b/dlib/dlib.h Tue Aug 20 19:08:02 2024 @@ -175,6 +175,9 @@ void dLib_show_messages(bool_t show); */ char *dGetcwd(void); char *dGethomedir(void); +char *dGetsavedir(void); +char *dGetenableunveil(void); +void *dUnveil(const char *path, const char *perm); char *dGetline(FILE *stream); int dClose(int fd); int dUsleep(unsigned long us); diff -upr a/dpi/bookmarks.c b/dpi/bookmarks.c --- a/dpi/bookmarks.c Sun Aug 11 22:21:59 2024 +++ b/dpi/bookmarks.c Tue Aug 20 19:08:02 2024 @@ -37,6 +37,7 @@ #include <signal.h> #include "../dpip/dpip.h" #include "dpiutil.h" +#include "../dlib/dlib.h" /* @@ -1606,7 +1607,6 @@ static void termination_handler(int signum) exit(signum); } - /* * -- MAIN ------------------------------------------------------------------- */ @@ -1616,6 +1616,21 @@ int main(void) { socklen_t address_size; char *tok; Dsh *sh; + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + char *dil_bm = dStrconcat(dGethomedir(), "/.dillo/bm.txt", NULL); + dUnveil(dil_bm, "rwc"); + dFree(dil_bm); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "r"); + dFree(dil_loc); + dUnveil(NULL, NULL); + #endif + } + } /* Arrange the cleanup function for terminations via exit() */ atexit(cleanup); diff -upr a/dpi/cookies.c b/dpi/cookies.c --- a/dpi/cookies.c Sun Aug 11 22:21:59 2024 +++ b/dpi/cookies.c Tue Aug 20 19:08:02 2024 @@ -50,6 +50,7 @@ int main(void) #include <signal.h> #include "dpiutil.h" #include "../dpip/dpip.h" +#include "../dlib/dlib.h" /* @@ -1632,7 +1633,6 @@ static void termination_handler(int signum) exit(signum); } - /* * -- MAIN ------------------------------------------------------------------- */ @@ -1643,7 +1643,22 @@ int main(void) { int sock_fd, code; char *buf; Dsh *sh; - + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + char *cookiesrc_loc = dStrconcat(dGethomedir(), "/.dillo/cookiesrc", NULL); + dUnveil(cookiesrc_loc, "rwc"); + dFree(cookiesrc_loc); + char *cookies_loc = dStrconcat(dGethomedir(), "/.dillo/cookies.txt", NULL); + dUnveil(cookies_loc, "rwc"); + dFree(cookies_loc); + dUnveil(NULL, NULL); + #endif + } + } + /* Arrange the cleanup function for terminations via exit() */ atexit(cleanup); diff -upr a/dpi/datauri.c b/dpi/datauri.c --- a/dpi/datauri.c Sun Aug 11 22:21:59 2024 +++ b/dpi/datauri.c Tue Aug 20 19:08:02 2024 @@ -21,6 +21,7 @@ #include "../dpip/dpip.h" #include "dpiutil.h" #include "../src/misc.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -290,6 +291,19 @@ int main(void) unsigned char *data; int rc; size_t data_size = 0; + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil("/tmp", "rwc"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo/dpid_comm_keys", NULL); + dUnveil(dil_loc, "rwc"); + dFree(dil_loc); + dUnveil(NULL, NULL); + #endif + } + } /* Initialize the SockHandler */ sh = a_Dpip_dsh_new(STDIN_FILENO, STDOUT_FILENO, 8*1024); diff -upr a/dpi/downloads.cc b/dpi/downloads.cc --- a/dpi/downloads.cc Sun Aug 11 22:21:59 2024 +++ b/dpi/downloads.cc Tue Aug 20 19:08:13 2024 @@ -45,6 +45,7 @@ #include "config.h" #include "dpiutil.h" #include "../dpip/dpip.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -206,7 +207,6 @@ static char *escape_tooltip(const char *buf, ssize_t l return ret; } - /* * Global variables */ @@ -1098,13 +1098,37 @@ static void custLabelMeasure(const Fl_Label* o, int& W fl_measure(o->value, W, H, interpret_symbols); } - - //int main(int argc, char **argv) int main() { int ww = 420, wh = 85; - + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil("/tmp", "rwc"); + dUnveil("/etc/fonts", "r"); + dUnveil("/usr/local/bin/wget", "x"); + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + char *xauth = getenv("AUTHORITY"); + if (xauth && strlen(xauth)) { + dUnveil(xauth, "r"); + } else { + dUnveil(xauth_loc, "r"); + } + dFree(xauth_loc); + dFree(xauth); + dUnveil("/usr/local/share/fonts", "r"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "r"); + dFree(dil_loc); + dUnveil(dGetsavedir(), "rw"); + dUnveil(NULL, NULL); + #endif + } + } + Fl::lock(); // Disable '@' and '&' interpretation in normal labels. diff -upr a/dpi/file.c b/dpi/file.c --- a/dpi/file.c Sun Aug 11 22:21:59 2024 +++ b/dpi/file.c Tue Aug 20 19:08:02 2024 @@ -37,6 +37,7 @@ #include "../dpip/dpip.h" #include "dpiutil.h" #include "d_size.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -1063,12 +1064,31 @@ static int File_check_fds(uint_t seconds) return st; } - int main(void) { struct sockaddr_in sin; socklen_t sin_sz; int sock_fd, c_st, st = 1; + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil(dGetsavedir(), "r"); + dUnveil("/tmp", "rw"); + char *home_loc = dStrconcat(dGethomedir(), "", NULL); + dUnveil(home_loc, "r"); + dFree(home_loc); + char *ssh_loc = dStrconcat(dGethomedir(), "/.ssh", NULL); + dUnveil(ssh_loc, ""); + dFree(ssh_loc); + char *config_loc = dStrconcat(dGethomedir(), "/.config", NULL); + dUnveil(config_loc, ""); + dFree(config_loc); + dUnveil(NULL, NULL); + #endif + } + } /* Arrange the cleanup function for abnormal terminations */ if (signal (SIGINT, termination_handler) == SIG_IGN) diff -upr a/dpi/ftp.c b/dpi/ftp.c --- a/dpi/ftp.c Sun Aug 11 22:21:59 2024 +++ b/dpi/ftp.c Tue Aug 20 19:08:02 2024 @@ -44,6 +44,7 @@ #include "../dpip/dpip.h" #include "dpiutil.h" #include "d_size.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -282,6 +283,21 @@ int main(int argc, char **argv) int st, rc; char *p, *d_cmd; + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil("/tmp", "rwc"); + dUnveil("/usr/local/bin/wget", "x"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "r"); + dFree(dil_loc); + dUnveil(dGetsavedir(), "rwc"); + dUnveil(NULL, NULL); + #endif + } + } + /* wget may need to write a temporary file... */ rc = chdir("/tmp"); if (rc == -1) { diff -upr a/dpi/vsource.c b/dpi/vsource.c --- a/dpi/vsource.c Sun Aug 11 22:21:59 2024 +++ b/dpi/vsource.c Tue Aug 20 19:08:02 2024 @@ -21,6 +21,7 @@ #include <errno.h> #include "../dpip/dpip.h" #include "dpiutil.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -188,6 +189,18 @@ int main(void) char *dpip_tag, *cmd = NULL, *cmd2 = NULL, *url = NULL, *size_str = NULL; char *d_cmd; + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "r"); + dFree(dil_loc); + dUnveil(NULL, NULL); + #endif + } + } + _MSG("starting...\n"); //sleep(20); diff -upr a/dpid/main.c b/dpid/main.c --- a/dpid/main.c Sun Aug 11 22:21:59 2024 +++ b/dpid/main.c Tue Aug 20 19:08:02 2024 @@ -236,6 +236,19 @@ int main(void) //daemon(0,0); /* Use 0,1 for feedback */ /* TODO: call setsid() ?? */ + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil("/usr/local/lib/dillo", "rx"); + dUnveil("/usr/local/etc/dillo", "r"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + dUnveil(NULL, NULL); + #endif + } + } + /* Allow read and write access, but only for the user. * TODO: can this cause trouble with umount? */ umask(0077); diff -upr a/src/dillo.cc b/src/dillo.cc --- a/src/dillo.cc Sun Aug 11 22:21:59 2024 +++ b/src/dillo.cc Tue Aug 20 19:08:02 2024 @@ -463,7 +463,53 @@ int main(int argc, char **argv) fclose(fp); } dLib_show_messages(prefs.show_msg); - + + // Use unveil + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + const char *home = dGethomedir(); + const char *save = prefs.save_dir; + int nsave = strlen(save); + int nhome = strlen(home); + if (nsave <= nhome) { + /* Prevent save_dir="/home" and save_dir=$HOME */ + if (strncmp(save, home, nsave) == 0) { + MSG("save_dir cannot contain home\n"); + exit(1); + } + } + dUnveil("/usr/local/share/fonts", "r"); + dUnveil("/usr/local/share/icons", "r"); + dUnveil("/usr/X11R6/share/X11/locale", "r"); + dUnveil("/usr/X11R6/lib/X11/fonts", "r"); + dUnveil("/usr/local/etc/dillo", "r"); + dUnveil("/tmp", "rwc"); + dUnveil("/usr/local/bin/dpid", "x"); + dUnveil("/etc/fonts", "r"); + dUnveil("/etc/resolv.conf", "r"); + dUnveil("/etc/ssl/cert.pem", "r"); + dUnveil(prefs.save_dir, "rwc"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + dFree(dil_loc); + char *icons_loc = dStrconcat(dGethomedir(), "/.icons", NULL); + dUnveil(icons_loc, "r"); + dFree(icons_loc); + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + char *xauth = getenv("AUTHORITY"); + if (xauth && strlen(xauth)) { + dUnveil(xauth, "r"); + } else { + dUnveil(xauth_loc, "r"); + } + dFree(xauth_loc); + dFree(xauth); + dUnveil(NULL, NULL); + #endif + } + } + // initialize internal modules a_Dpi_init(); a_Dns_init(); diff -upr a/src/prefs.c b/src/prefs.c --- a/src/prefs.c Sun Aug 11 22:21:59 2024 +++ b/src/prefs.c Tue Aug 20 19:08:02 2024 @@ -72,6 +72,7 @@ void a_Prefs_init(void) prefs.http_strict_transport_security = TRUE; prefs.http_force_https = FALSE; prefs.http_user_agent = dStrdup(PREFS_HTTP_USER_AGENT); + prefs.enable_unveil = FALSE; prefs.limit_text_width = FALSE; prefs.adjust_min_width = TRUE; prefs.adjust_table_min_width = TRUE; diff -upr a/src/prefs.h b/src/prefs.h --- a/src/prefs.h Sun Aug 11 22:21:59 2024 +++ b/src/prefs.h Tue Aug 20 19:08:02 2024 @@ -100,6 +100,7 @@ typedef struct { bool_t http_persistent_conns; bool_t http_strict_transport_security; bool_t http_force_https; + bool_t enable_unveil; int32_t buffered_drawing; char *font_serif; char *font_sans_serif; diff -upr a/src/prefsparser.cc b/src/prefsparser.cc --- a/src/prefsparser.cc Sun Aug 11 22:21:59 2024 +++ b/src/prefsparser.cc Tue Aug 20 19:08:02 2024 @@ -182,6 +182,7 @@ void PrefsParser::parse(FILE *fp) PREFS_BOOL, 0 }, { "http_force_https", &prefs.http_force_https, PREFS_BOOL, 0 }, { "http_user_agent", &prefs.http_user_agent, PREFS_STRING, 0 }, + { "enable_unveil", &prefs.enable_unveil, PREFS_BOOL, 0 }, { "limit_text_width", &prefs.limit_text_width, PREFS_BOOL, 0 }, { "adjust_min_width", &prefs.adjust_min_width, PREFS_BOOL, 0 }, { "adjust_table_min_width", &prefs.adjust_table_min_width, PREFS_BOOL, 0 },

2 1

BUG FIX for the Clipboard copy function
by Batavo Silva 20 Aug '24

20 Aug '24

Hi Dillo devs! Here is just a small bug fix for the Cipboard copy function. The 3rd argument passed for the Fl::copy() function should be 1 (not 0) for it to copy the input text to the clipboard buffer. This issue is found at line 702 of file dillo/dw/fltkplatform.cc: [code] void FltkPlatform::copySelection(const char *text) { Fl::copy(text, strlen(text), 0); // wrong } [/code] Change it to: [code] void FltkPlatform::copySelection(const char *text) { Fl::copy(text, strlen(text), 1); } [/code] Ref: FLTK Documentation: https://www.fltk.org/doc-1.3/group__fl__clipboard.html#ga221bc2fa9bd737a825…

4 4

portability: gmake vs make
by a1ex＠dismail.de 11 Aug '24

11 Aug '24

Hi Rodrigo, Looking at your recent commit: >Make Dillo strictly C99, C++11 and POSIX-2001 compliant, without >depending on GNU extensions. Right now the OpenBSD port of Dillo is dependent on gmake (GNU make) to build the package. Out of curiosity, I tried to use the native 'make' command: $ make [...] Making all in doc Using $< in a non-suffix rule context is a GNUmake idiom (Makefile:556) *** Error 1 in . (Makefile:583 'all-recursive') *** Error 2 in . (Makefile:380 'all') Everything else builds fine, except this error in doc. Here is the offending line: $ diff -up a/doc/Makefile.am b/doc/Makefile.am --- a/doc/Makefile.am Sun Aug 11 00:01:58 2024 +++ b/doc/Makefile.am Sun Aug 11 00:01:51 2024 @@ -11,6 +11,6 @@ dillo.1: $(srcdir)/dillo.1.in Makefile # Use .in.html instead of .html.in so it is recognized as HTML. user_help.html: $(srcdir)/user_help.in.html Makefile - sed 's/__VERSION__/${VERSION}/g' $< > $@ DISTCLEANFILES = dillo.1 user_help.html With that removed, there are no errors. Regards, Alex

2 1

[PATCH v3] unveil patch
by a1ex＠dismail.de 08 Aug '24

08 Aug '24

Hi, Here is a new version of the unveil patch. Some notable changes: - Dillo will exit if 'save_dir' is set to $HOME (only with unveil) - dUnveil() function moved to dlib - New 'enable_unveil' pref for dillorc - New dGetsavedir() function to parse 'save_dir' - New dGetenableunveil() function to parse 'enable_unveil' enable_unveil is not used by the prefs parser, but rather dGetenableunveil(). I still need to fix it so that we don't get this warning on the console: prefs: {enable_unveil} is not a recognized token. To-Do: - Localize wget and $AUTHORITY - ... As always, feedback is welcome. Regards, Alex diff -upr a/configure.ac b/configure.ac --- a/configure.ac Wed Aug 7 20:50:53 2024 +++ b/configure.ac Thu Aug 8 20:06:15 2024 @@ -36,6 +36,11 @@ AC_ARG_ENABLE([insure], [enable_insure=$enableval], [enable_insure=no]) +AC_ARG_ENABLE([unveil], + [AS_HELP_STRING([--enable-unveil], [Build with support for unveil])], + [enable_unveil=$enableval], + [enable_unveil=no]) + AC_ARG_ENABLE([ipv6], [AS_HELP_STRING([--enable-ipv6], [Build with support for IPv6])], [enable_ipv6=$enableval], @@ -619,6 +624,9 @@ if test "x$enable_insure" = "xyes" ; then CC="insure -Zoi \"compiler $CC\"" LIBS="$LIBS -lstdc++-2-libc6.1-1-2.9.0" fi +if test "x$enable_unveil" = "xyes" ; then + AC_DEFINE([ENABLE_UNVEIL], [1], [Enable unveil]) +fi if test "x$enable_threaded_dns" = "xyes" ; then CFLAGS="$CFLAGS -DD_DNS_THREADED" fi @@ -726,4 +734,5 @@ _AS_ECHO([ GIF enabled : ${enable_gif}]) _AS_ECHO([ SVG enabled : ${enable_svg}]) _AS_ECHO([]) _AS_ECHO([ HTML tests : ${html_tests_ok}]) +_AS_ECHO([ unveil enabled : ${enable_unveil}]) _AS_ECHO([]) diff -upr a/dlib/dlib.c b/dlib/dlib.c --- a/dlib/dlib.c Wed Aug 7 20:50:53 2024 +++ b/dlib/dlib.c Thu Aug 8 20:07:28 2024 @@ -922,6 +922,99 @@ char *dGethomedir (void) } /** + * Return the save directory in a static string + */ +char *dGetsavedir () +{ + static char *dillorc = NULL; + dillorc = dStrconcat(dGethomedir(), "/", ".dillo/dillorc", NULL); + FILE *In; + int len; + char *rcline = NULL, *value = NULL, *p; + if ((In = fopen(dillorc, "r")) == NULL) { + DLIB_MSG("dGetsavedir: unable to open dillorc.\n"); + return (NULL); + } + while ((rcline = dGetline(In)) != NULL) { + if (strncmp(rcline, "save_dir", 8) == 0) + break; + dFree(rcline); + } + fclose(In); + if (!rcline) { + value = NULL; + DLIB_MSG("dGetsavedir: no 'save_dir' in dillorc..\n"); + } else { + len = (int) strlen(rcline); + if (len && rcline[len - 1] == '\n') + rcline[len - 1] = 0; + if ((p = strchr(rcline, '='))) { + while (*++p == ' '); + value = dStrdup(p); + } else { + value = NULL; + DLIB_MSG("dGetsavedir: error parsing value in dillorc.\n"); + } + } + dFree(rcline); + return (value); +} + +/** + * Return the enable_unveil value in a static string + */ +char *dGetenableunveil () +{ + static char *dillorc = NULL; + dillorc = dStrconcat(dGethomedir(), "/", ".dillo/dillorc", NULL); + FILE *In; + int len; + char *rcline = NULL, *value = NULL, *p; + if ((In = fopen(dillorc, "r")) == NULL) { + DLIB_MSG("dGetenableunveil: unable to open dillorc.\n"); + return (NULL); + } + while ((rcline = dGetline(In)) != NULL) { + if (strncmp(rcline, "enable_unveil", 13) == 0) + break; + dFree(rcline); + } + fclose(In); + if (!rcline) { + value = NULL; + DLIB_MSG("dGetenableunveil: no 'enable_unveil' in dillorc.\n"); + } else { + len = (int) strlen(rcline); + if (len && rcline[len - 1] == '\n') + rcline[len - 1] = 0; + if ((p = strchr(rcline, '='))) { + while (*++p == ' '); + value = dStrdup(p); + } else { + value = NULL; + DLIB_MSG("dGetenableunveil: error parsing value in dillorc.\n"); + } + } + dFree(rcline); + return (value); +} + +/** + * Use unveil on OpenBSD + */ +void *dUnveil(const char *path, const char *perm) +{ + #ifdef ENABLE_UNVEIL + #ifdef __OpenBSD__ + if (unveil(path, perm) == -1) { + DLIB_MSG("unveil(%s, %s) failed: %s\n", path, perm, strerror(errno)); + exit(1); + } + #endif + #endif +} + +/** * Get a line from a FILE stream. * Return value: read line on success, NULL on EOF. */ diff -upr a/dlib/dlib.h b/dlib/dlib.h --- a/dlib/dlib.h Wed Aug 7 20:50:53 2024 +++ b/dlib/dlib.h Thu Aug 8 20:07:26 2024 @@ -175,6 +175,9 @@ void dLib_show_messages(bool_t show); */ char *dGetcwd(void); char *dGethomedir(void); +char *dGetsavedir(); +char *dGetenableunveil(); +void *dUnveil(const char *path, const char *perm); char *dGetline(FILE *stream); int dClose(int fd); int dUsleep(unsigned long us); diff -upr a/dpi/bookmarks.c b/dpi/bookmarks.c --- a/dpi/bookmarks.c Wed Aug 7 20:50:53 2024 +++ b/dpi/bookmarks.c Thu Aug 8 20:08:40 2024 @@ -37,6 +37,7 @@ #include <signal.h> #include "../dpip/dpip.h" #include "dpiutil.h" +#include "../dlib/dlib.h" /* @@ -1606,7 +1607,6 @@ static void termination_handler(int signum) exit(signum); } - /* * -- MAIN ------------------------------------------------------------------- */ @@ -1616,6 +1616,18 @@ int main(void) { socklen_t address_size; char *tok; Dsh *sh; + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + char *dil_bm = dStrconcat(dGethomedir(), "/.dillo/bm.txt", NULL); + dUnveil(dil_bm, "rwc"); + dFree(dil_bm); + unveil(NULL, NULL); + #endif + } + } /* Arrange the cleanup function for terminations via exit() */ atexit(cleanup); diff -upr a/dpi/cookies.c b/dpi/cookies.c --- a/dpi/cookies.c Wed Aug 7 20:50:53 2024 +++ b/dpi/cookies.c Thu Aug 8 20:08:40 2024 @@ -50,6 +50,7 @@ int main(void) #include <signal.h> #include "dpiutil.h" #include "../dpip/dpip.h" +#include "../dlib/dlib.h" /* @@ -1632,7 +1633,6 @@ static void termination_handler(int signum) exit(signum); } - /* * -- MAIN ------------------------------------------------------------------- */ @@ -1643,7 +1643,19 @@ int main(void) { int sock_fd, code; char *buf; Dsh *sh; - + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + dFree(dil_loc); + unveil(NULL, NULL); + #endif + } + } + /* Arrange the cleanup function for terminations via exit() */ atexit(cleanup); diff -upr a/dpi/datauri.c b/dpi/datauri.c --- a/dpi/datauri.c Wed Aug 7 20:50:53 2024 +++ b/dpi/datauri.c Thu Aug 8 20:08:40 2024 @@ -21,6 +21,7 @@ #include "../dpip/dpip.h" #include "dpiutil.h" #include "../src/misc.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -290,6 +291,19 @@ int main(void) unsigned char *data; int rc; size_t data_size = 0; + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil("/tmp", "rwc"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + dFree(dil_loc); + unveil(NULL, NULL); + #endif + } + } /* Initialize the SockHandler */ sh = a_Dpip_dsh_new(STDIN_FILENO, STDOUT_FILENO, 8*1024); diff -upr a/dpi/downloads.cc b/dpi/downloads.cc --- a/dpi/downloads.cc Wed Aug 7 20:50:53 2024 +++ b/dpi/downloads.cc Thu Aug 8 20:08:40 2024 @@ -45,6 +45,7 @@ #include "config.h" #include "dpiutil.h" #include "../dpip/dpip.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -206,7 +207,6 @@ static char *escape_tooltip(const char *buf, ssize_t l return ret; } - /* * Global variables */ @@ -1098,13 +1098,30 @@ static void custLabelMeasure(const Fl_Label* o, int& W fl_measure(o->value, W, H, interpret_symbols); } - - //int main(int argc, char **argv) int main() { int ww = 420, wh = 85; - + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil("/tmp", "rwc"); + dUnveil("/etc/fonts", "r"); + dUnveil("/usr/local/bin/wget", "x"); + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + dUnveil(xauth_loc, "r"); + dFree(xauth_loc); + dUnveil("/usr/local/share/fonts", "r"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + dFree(dil_loc); + dUnveil(NULL, NULL); + #endif + } + } + Fl::lock(); // Disable '@' and '&' interpretation in normal labels. diff -upr a/dpi/file.c b/dpi/file.c --- a/dpi/file.c Wed Aug 7 20:50:53 2024 +++ b/dpi/file.c Thu Aug 8 20:08:40 2024 @@ -37,6 +37,7 @@ #include "../dpip/dpip.h" #include "dpiutil.h" #include "d_size.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -1063,12 +1064,24 @@ static int File_check_fds(uint_t seconds) return st; } - int main(void) { struct sockaddr_in sin; socklen_t sin_sz; int sock_fd, c_st, st = 1; + + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil(dGetsavedir(), "rw"); + dUnveil("/tmp", "rw"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + unveil(NULL, NULL); + #endif + } + } /* Arrange the cleanup function for abnormal terminations */ if (signal (SIGINT, termination_handler) == SIG_IGN) diff -upr a/dpi/ftp.c b/dpi/ftp.c --- a/dpi/ftp.c Wed Aug 7 20:50:53 2024 +++ b/dpi/ftp.c Thu Aug 8 20:08:40 2024 @@ -44,6 +44,7 @@ #include "../dpip/dpip.h" #include "dpiutil.h" #include "d_size.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -282,6 +283,21 @@ int main(int argc, char **argv) int st, rc; char *p, *d_cmd; + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil("/tmp", "rwc"); + dUnveil("/usr/local/bin/wget", "x"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + dFree(dil_loc); + dUnveil(dGetsavedir(), "rwc"); + unveil(NULL, NULL); + #endif + } + } + /* wget may need to write a temporary file... */ rc = chdir("/tmp"); if (rc == -1) { diff -upr a/dpi/vsource.c b/dpi/vsource.c --- a/dpi/vsource.c Wed Aug 7 20:50:53 2024 +++ b/dpi/vsource.c Thu Aug 8 20:08:40 2024 @@ -21,6 +21,7 @@ #include <errno.h> #include "../dpip/dpip.h" #include "dpiutil.h" +#include "../dlib/dlib.h" /* * Debugging macros @@ -188,6 +189,18 @@ int main(void) char *dpip_tag, *cmd = NULL, *cmd2 = NULL, *url = NULL, *size_str = NULL; char *d_cmd; + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "r"); + dFree(dil_loc); + unveil(NULL, NULL); + #endif + } + } + _MSG("starting...\n"); //sleep(20); diff -upr a/dpid/main.c b/dpid/main.c --- a/dpid/main.c Wed Aug 7 20:50:53 2024 +++ b/dpid/main.c Thu Aug 8 20:07:44 2024 @@ -236,6 +236,19 @@ int main(void) //daemon(0,0); /* Use 0,1 for feedback */ /* TODO: call setsid() ?? */ + /* Use unveil on OpenBSD */ + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + dUnveil("/usr/local/lib/dillo", "rx"); + dUnveil("/usr/local/etc/dillo", "r"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + unveil(NULL, NULL); + #endif + } + } + /* Allow read and write access, but only for the user. * TODO: can this cause trouble with umount? */ umask(0077); diff -upr a/src/dillo.cc b/src/dillo.cc --- a/src/dillo.cc Wed Aug 7 20:50:53 2024 +++ b/src/dillo.cc Thu Aug 8 20:08:54 2024 @@ -463,7 +463,47 @@ int main(int argc, char **argv) fclose(fp); } dLib_show_messages(prefs.show_msg); - + + // Use unveil + if (dGetenableunveil() != NULL) { + if (strncmp(dGetenableunveil(), "YES", 3) == 0) { + #ifdef ENABLE_UNVEIL + const char *home = dGethomedir(); + const char *save = prefs.save_dir; + int nsave = strlen(save); + int nhome = strlen(home); + if (nsave <= nhome) { + /* Prevent save_dir="/home" and save_dir=$HOME */ + if (strncmp(save, home, nsave) == 0) { + MSG("save_dir cannot contain home\n"); + exit(1); + } + } + dUnveil("/usr/local/share/fonts", "r"); + dUnveil("/usr/local/share/icons", "r"); + dUnveil("/usr/X11R6/share/X11/locale", "r"); + dUnveil("/usr/X11R6/lib/X11/fonts", "r"); + dUnveil("/usr/local/etc/dillo", "r"); + dUnveil("/tmp", "rwc"); + dUnveil("/usr/local/bin/dpid", "x"); + dUnveil("/etc/fonts", "r"); + dUnveil("/etc/resolv.conf", "r"); + dUnveil("/etc/ssl/cert.pem", "r"); + dUnveil(prefs.save_dir, "rwc"); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + dUnveil(dil_loc, "rwc"); + dFree(dil_loc); + char *icons_loc = dStrconcat(dGethomedir(), "/.icons", NULL); + dUnveil(icons_loc, "r"); + dFree(icons_loc); + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + dUnveil(xauth_loc, "r"); + dFree(xauth_loc); + dUnveil(NULL, NULL); + #endif + } + } + // initialize internal modules a_Dpi_init(); a_Dns_init();

1 0