Index: utils/ofarc/OFArc.m ================================================================== --- utils/ofarc/OFArc.m +++ utils/ofarc/OFArc.m @@ -174,11 +174,10 @@ OFArray OF_GENERIC(OFString *) *remainingArguments, *files; id archive; #ifdef OF_HAVE_SANDBOX OFSandbox *sandbox = [OFSandbox sandbox]; - [sandbox setAllowsStdIO: true]; [sandbox setAllowsReadingFiles: true]; [sandbox setAllowsWritingFiles: true]; [sandbox setAllowsCreatingFiles: true]; [sandbox setAllowsChangingFileAttributes: true]; Index: utils/ofhttp/OFHTTP.m ================================================================== --- utils/ofhttp/OFHTTP.m +++ utils/ofhttp/OFHTTP.m @@ -24,18 +24,18 @@ #import "OFFile.h" #import "OFFileManager.h" #import "OFHTTPClient.h" #import "OFHTTPRequest.h" #import "OFHTTPResponse.h" +#import "OFLocale.h" #import "OFOptionsParser.h" +#import "OFSandbox.h" #import "OFStdIOStream.h" #import "OFSystemInfo.h" #import "OFTCPSocket.h" #import "OFTLSSocket.h" #import "OFURL.h" -#import "OFLocale.h" -#import "OFSandbox.h" #import "OFConnectionFailedException.h" #import "OFHTTPRequestFailedException.h" #import "OFInvalidFormatException.h" #import "OFInvalidServerReplyException.h" @@ -377,25 +377,23 @@ }; OFOptionsParser *optionsParser; of_unichar_t option; #ifdef OF_HAVE_SANDBOX - OFSandbox *sandbox = [[OFSandbox alloc] init]; - @try { - [sandbox setAllowsStdIO: true]; - [sandbox setAllowsReadingFiles: true]; - [sandbox setAllowsWritingFiles: true]; - [sandbox setAllowsCreatingFiles: true]; - [sandbox setAllowsIPSockets: true]; - [sandbox setAllowsDNS: true]; - [sandbox setAllowsUserDatabaseReading: true]; - [sandbox setAllowsTTY: true]; - - [OFApplication activateSandbox: sandbox]; - } @finally { - [sandbox release]; - } + OFSandbox *sandbox = [OFSandbox sandbox]; + [sandbox setAllowsStdIO: true]; + [sandbox setAllowsReadingFiles: true]; + [sandbox setAllowsWritingFiles: true]; + [sandbox setAllowsCreatingFiles: true]; + [sandbox setAllowsIPSockets: true]; + [sandbox setAllowsDNS: true]; + [sandbox setAllowsUserDatabaseReading: true]; + [sandbox setAllowsTTY: true]; + /* Dropped after parsing options */ + [sandbox setAllowsUnveil: true]; + + [OFApplication activateSandbox: sandbox]; #endif #ifndef OF_AMIGAOS [OFLocale addLanguageDirectory: @LANGUAGE_DIR]; #else @@ -471,10 +469,19 @@ [OFApplication terminateWithStatus: 1]; break; } } + +#ifdef OF_HAVE_SANDBOX + [sandbox unveilPath: (outputPath != nil + ? outputPath : OF_PATH_CURRENT_DIRECTORY) + permissions: @"wc"]; + + [sandbox setAllowsUnveil: false]; + [OFApplication activateSandbox: sandbox]; +#endif _outputPath = [outputPath copy]; _URLs = [[optionsParser remainingArguments] retain]; if ([_URLs count] < 1)