Hi,
Here is a new patch. I have done quite a bit more work on this and think it may be close to completion. The '~/Downloads' directory has been unveiled to match the behavior of Firefox and Chromium on OpenBSD, but Dillo's default of '/tmp' continues to work as well. I have also made sure everything works fine when there is no ~/.dillo directory, Dillo can create it, and also can access the system defaults in '/usr/local/etc/dillo'. dpid is also now unveiled, as well as all of the stock plugins except hello.dpi, I didn't see any point to that.
Here are some other tests which I have run:
- Regular browsing works fine
- Connect to an FTP site and download a file, also view a text file and view an image
- Open a text and image file from /tmp and ~/Downloads
- Add/remove bookmarks
- Download a file to /tmp and ~/Downloads
- Save a page to /tmp and ~/Downloads
- View source still works
- Fonts and cursor icons are working correctly
- data: uri works correctly with text and images
So far everything seems to be fine. I will keep testing, but would really appreciate some help with reviewing this, there could be some edge-cases which I missed.
Regards,
Alex
diff -upr a/dpi/bookmarks.c b/dpi/bookmarks.c
--- a/dpi/bookmarks.c Sat Jun 29 16:33:08 2024
+++ b/dpi/bookmarks.c Sun Jul 28 16:21:05 2024
@@ -25,6 +25,7 @@
 #include <stddef.h>
 #include <string.h>
 #include <unistd.h>
+#include <err.h>
 #include <errno.h>
 #include <ctype.h>
 #include <sys/socket.h>
@@ -1616,6 +1617,16 @@ int main(void) {
 socklen_t address_size;
 char *tok;
 Dsh *sh;
+
+ /* Use unveil on OpenBSD */
+ #ifdef __OpenBSD__
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dil_loc);
+ unveil(NULL, NULL);
+ #endif
 /* Arrange the cleanup function for terminations via exit() */
 atexit(cleanup);
diff -upr a/dpi/cookies.c b/dpi/cookies.c
--- a/dpi/cookies.c Sat Jun 29 16:33:08 2024
+++ b/dpi/cookies.c Sun Jul 28 16:21:05 2024
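Review bot: `#include <err.h>` in dpi/bookmarks.c is added outside any platform guard, although the only `err()` calls this patch introduces sit inside `#ifdef __OpenBSD__`. `<err.h>` is a BSD extension rather than standard C, so the unconditional include may break the build on platforms that do not ship it. Placing the include itself under `#ifdef __OpenBSD__` keeps the change OpenBSD-only. The same applies to the include hunks in cookies.c, datauri.c, downloads.cc, file.c, ftp.c, vsource.c, dpid/main.c and src/dillo.cc.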
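Review bot: The locking call `unveil(NULL, NULL);` in bookmarks.c main() is the only unveil() whose result is ignored, so a failure there would leave the unveil list unlocked with no diagnostic; `if (unveil(NULL, NULL) == -1) err(1, "unveil lock");` closes that gap. Every path call reports the same `"unveil failed"`, whereas `err(1, "unveil %s", dil_loc);` would say which path was refused. `dil_loc` is passed on unchecked; if dGethomedir() can return NULL when no home directory is known (not visible here), that case deserves its own error. The same block recurs in every other main() hunk of this patch (each main() continuing outside its hunk), so a shared helper would keep the policy in one place.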
@@ -39,6 +39,7 @@ int main(void)
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
+#include <err.h>
 #include <stddef.h>
 #include <string.h>
 #include <stdlib.h>
@@ -1643,6 +1644,16 @@ int main(void) {
 int sock_fd, code;
 char *buf;
 Dsh *sh;
+
+ /* Use unveil on OpenBSD */
+ #ifdef __OpenBSD__
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dil_loc);
+ unveil(NULL, NULL);
+ #endif
 /* Arrange the cleanup function for terminations via exit() */
 atexit(cleanup);
diff -upr a/dpi/datauri.c b/dpi/datauri.c
--- a/dpi/datauri.c Sat Jun 29 16:33:08 2024
+++ b/dpi/datauri.c Sun Jul 28 16:21:05 2024
@@ -12,6 +12,7 @@
 */
 #include <unistd.h>
+#include <err.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -289,6 +290,19 @@ int main(void)
 unsigned char *data;
 int rc;
 size_t data_size = 0;
+
+ /* Use unveil on OpenBSD */
+ #ifdef __OpenBSD__
+ if (unveil("/tmp", "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dil_loc);
+ unveil(NULL, NULL);
+ #endif
 /* Initialize the SockHandler */
 sh = a_Dpip_dsh_new(STDIN_FILENO, STDOUT_FILENO, 8*1024);
diff -upr a/dpi/downloads.cc b/dpi/downloads.cc
--- a/dpi/downloads.cc Sat Jun 29 16:33:08 2024
+++ b/dpi/downloads.cc Sun Jul 28 16:21:05 2024
@@ -18,6 +18,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <err.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <ctype.h>
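Review bot: The datauri.c block grants `"rwc"` on both `/tmp` and `~/.dillo` to a plugin that decodes page-supplied data: URIs, and nothing in the hunk shows why it would need to create or write files. The code visible after the block only sets up a socket handler on `STDIN_FILENO`/`STDOUT_FILENO`, so if the plugin does no file I/O of its own (to be confirmed against the rest of the file), these grants should be cut to the minimum that still lets it start, ideally read-only. A one-line comment on each entry naming the code path that needs it would make the policy auditable. main() continues outside the hunk.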
@@ -1104,6 +1105,38 @@ static void custLabelMeasure(const Fl_Label* o, int& W
 int main()
 {
 int ww = 420, wh = 85;
+
+ /* Use unveil on OpenBSD */
+ #ifdef __OpenBSD__
+ if (unveil("/tmp", "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/etc/fonts", "r") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/usr/local/bin/wget", "x") == -1) {
+ err(1, "unveil failed");
+ }
+ char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL);
+ if (unveil(xauth_loc, "r") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(xauth_loc);
+ if (unveil("/usr/local/share/fonts", "r") == -1) {
+ err(1, "unveil failed");
+ }
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dil_loc);
+ char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL);
+ if (unveil(dl_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dl_loc);
+ unveil(NULL, NULL);
+ #endif
 Fl::lock();
diff -upr a/dpi/file.c b/dpi/file.c
--- a/dpi/file.c Sat Jun 29 16:33:08 2024
+++ b/dpi/file.c Sun Jul 28 16:21:05 2024
@@ -22,6 +22,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <err.h>
 #include <sys/select.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
@@ -1070,6 +1071,23 @@ int main(void)
 socklen_t sin_sz;
 int sock_fd, c_st, st = 1;
+ /* Use unveil on OpenBSD */
+ #ifdef __OpenBSD__
+ if (unveil("/tmp", "rw") == -1) {
+ err(1, "unveil failed");
+ }
+ char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL);
+ if (unveil(dl_loc, "rw") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dl_loc);
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ unveil(NULL, NULL);
+ #endif
+
 /* Arrange the cleanup function for abnormal terminations */
 if (signal (SIGINT, termination_handler) == SIG_IGN)
diff -upr a/dpi/ftp.c b/dpi/ftp.c
--- a/dpi/ftp.c Sat Jun 29 16:33:08 2024
+++ b/dpi/ftp.c Sun Jul 28 16:21:05 2024
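Review bot: The literals `/usr/local/bin/wget`, `/etc/fonts` and `/usr/local/share/fonts` in downloads.cc main() hard-code one installation layout, so a build with a different prefix, or a wget installed elsewhere, may lose access to what it needs without any error at unveil time. Deriving the install-dependent paths from the configured prefix would avoid that; failing that, a comment such as `/* paths assume the OpenBSD port's /usr/local prefix */` should state the assumption. The same kind of literal appears in ftp.c (`/usr/local/bin/wget`), dpid/main.c (`/usr/local/lib/dillo`, `/usr/local/etc/dillo`) and src/dillo.cc (`/usr/local/bin/dpid`, `/usr/local/etc/dillo`). main() continues outside the hunk.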
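Review bot: In file.c main() the `dil_loc` string is never released: unlike `dl_loc` just above it, there is no `dFree(dil_loc);` before `unveil(NULL, NULL);`, and the dpid/main.c hunk has the same omission. Separately, `/tmp` and `~/Downloads` are unveiled `"rw"` here; if the file plugin only reads and lists local files (not visible in this hunk), `"r"` would be the tighter grant. The `"rwc"` on `~/.dillo` deserves the same question. main() starts and ends outside the hunk.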
@@ -29,6 +29,7 @@
 */
 #include <unistd.h>
+#include <err.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/un.h>
@@ -281,6 +282,28 @@ int main(int argc, char **argv)
 char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *url2 = NULL;
 int st, rc;
 char *p, *d_cmd;
+
+ /* Use unveil on OpenBSD */
+ #ifdef __OpenBSD__
+ if (unveil("/tmp", "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/usr/local/bin/wget", "x") == -1) {
+ err(1, "unveil failed");
+ }
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dil_loc);
+ char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL);
+ if (unveil(dl_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dl_loc);
+ unveil(NULL, NULL);
+ #endif
+
 /* wget may need to write a temporary file... */
 rc = chdir("/tmp");
diff -upr a/dpi/vsource.c b/dpi/vsource.c
--- a/dpi/vsource.c Sat Jun 29 16:33:08 2024
+++ b/dpi/vsource.c Sun Jul 28 16:21:05 2024
@@ -13,6 +13,7 @@
 */
 #include <unistd.h>
+#include <err.h>
 #include <sys/types.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -172,6 +173,16 @@ int main(void)
 int data_size;
 char *dpip_tag, *cmd = NULL, *cmd2 = NULL, *url = NULL, *size_str = NULL;
 char *d_cmd;
+
+ /* Use unveil on OpenBSD */
+ #ifdef __OpenBSD__
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "r") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dil_loc);
+ unveil(NULL, NULL);
+ #endif
 _MSG("starting...\n");
 //sleep(20);
diff -upr a/dpid/main.c b/dpid/main.c
--- a/dpid/main.c Sat Jun 29 16:33:08 2024
+++ b/dpid/main.c Sun Jul 28 16:21:30 2024
@@ -19,6 +19,7 @@
 #include <errno.h> /* for ckd_write */
 #include <unistd.h> /* for ckd_write */
+#include <err.h>
 #include <stdlib.h> /* for exit */
 #include <assert.h> /* for assert */
 #include <sys/stat.h> /* for umask */
@@ -236,6 +237,21 @@ int main(void)
 services_list = NULL;
 //daemon(0,0); /* Use 0,1 for feedback */
 /* TODO: call setsid() ?? */
+
+ /* Use unveil on OpenBSD */
+ #ifdef __OpenBSD__
+ if (unveil("/usr/local/lib/dillo", "rx") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/usr/local/etc/dillo", "r") == -1) {
+ err(1, "unveil failed");
+ }
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ unveil(NULL, NULL);
+ #endif
 /* Allow read and write access, but only for the user.
 * TODO: can this cause trouble with umount? */
diff -upr a/src/dillo.cc b/src/dillo.cc
--- a/src/dillo.cc Sat Jun 29 16:33:08 2024
+++ b/src/dillo.cc Sun Jul 28 16:33:29 2024
@@ -23,6 +23,7 @@
 #include <stdio.h>
 #include <unistd.h>
+#include <err.h>
 #include <stdlib.h>
 #include <time.h>
 #include <sys/types.h>
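Review bot: dpid/main.c unveils `~/.dillo` as `"rwc"` without `x`, while only `/usr/local/lib/dillo` gets `"rx"`, so after this block dpid can no longer execute anything stored under the user's `~/.dillo`. Keeping a user-writable directory non-executable is a sound default, but if dpid is expected to start per-user plugins from there (not visible in this hunk), this is a behaviour change and should be stated. A comment such as `/* ~/.dillo is deliberately not executable: only system plugins are started */` would record the decision. main() starts and ends outside the hunk.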
@@ -396,6 +397,47 @@ int main(int argc, char **argv)
 srand((uint_t)(time(0) ^ getpid()));
+ // unveil()
+ #ifdef __OpenBSD__
+ if (unveil("/usr/local/share/fonts", "r") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/usr/local/etc/dillo", "r") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/tmp", "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/usr/local/bin/dpid", "x") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/etc/fonts", "r") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/etc/resolv.conf", "r") == -1) {
+ err(1, "unveil failed");
+ }
+ if (unveil("/etc/ssl/cert.pem", "r") == -1) {
+ err(1, "unveil failed");
+ }
+ char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL);
+ if (unveil(dl_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dl_loc);
+ char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL);
+ if (unveil(dil_loc, "rwc") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(dil_loc);
+ char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL);
+ if (unveil(xauth_loc, "r") == -1) {
+ err(1, "unveil failed");
+ }
+ dFree(xauth_loc);
+ unveil(NULL, NULL);
+ #endif
+
 // Some OSes exit dillo without this (not GNU/Linux).
 signal(SIGPIPE, SIG_IGN);
 // Establish our custom SIGCHLD handler
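Review bot: The `// unveil()` comment in src/dillo.cc main() does not say why any of the ten paths is needed, which makes the widest policy in the patch the hardest one to audit or shrink later. A short comment per entry would do, for example `/* X11 authentication */` on `.Xauthority`, `/* resolver configuration */` on `/etc/resolv.conf` and `/* TLS trust store */` on `/etc/ssl/cert.pem`. It is also worth confirming that name resolution does not additionally read `/etc/hosts`, which is not in the list. main() starts and ends outside the hunk.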