~davidbanham


#126 socksify not available on all distributions 2 years ago

Comment by ~davidbanham on ~sircmpwn/aerc2

Ah, good catch, thanks. Have had lunch now and brain works more good.

There is the -r option to unshare which should let it run unprivileged but it appears that most distros disable unprivileged user namespaces by default via a kernel patch. We'd need to twiddle that kernel param on installation which is a non-starter I think.

What's the threat model for this? I've been digging around and I can't figure out a way to make either w3m or lynx request an external network resource. They don't display images, load external stylesheets, populate iframes or execute JavaScript.

I appreciate the extra layer of comfort you get with socksify, but maybe the way out of this is to use socksify if it's present, but just execute without it if it isn't.

#126 socksify not available on all distributions 2 years ago

Comment by ~davidbanham on ~sircmpwn/aerc2

Ahh, thanks!

Patch submitted, tested working on Arch.

https://lists.sr.ht/~sircmpwn/aerc/patches/5974

#126 socksify not available on all distributions 2 years ago

Comment by ~davidbanham on ~sircmpwn/aerc2

Easy fix, then!

Just trying to test my change locally before I submit the PR. How do I swap between filters in the email view?

I've got an HTML email but the text/plain mimetype is highlighted and I can't for the life of me figure out how to switch to text/html. Tried the help and tutorial but couldn't find any commands or bindings.

#126 socksify not available on all distributions 2 years ago

Comment by ~davidbanham on ~sircmpwn/aerc2

tsocks doesn't appear to have a way to specify the target socks server on the command line. The point of using socksify the way aerc does is to sandbox w3m away from the network.

If we just called tsocks and there was a valid socks server in the tsocks config already on the system, the purpose of the script would be defeated.

To work around this we'll probably need to write a tsocks config with the dummy server to /tmp and then invoke tsocks with TSOCKS_CONFFILE=/tmp/aerc_tsocks_sandbox or similar.

That's... not particularly elegant.

Would it make more sense to use unshare instead of socksify?

https://unix.stackexchange.com/questions/68956/block-network-access-of-a-process

It's been in the kernel for some time and appears to be pretty widely available across the few distros I had a look at (Arch, Fedora, Ubuntu, Debian).
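
An added example, not part of the original comments or aerc's own code: a filter wrapper that probes for `unshare -r -n` (which fails where unprivileged user namespaces are disabled), falls back to socksify with a dead proxy, and only then runs unsandboxed with a warning. The function names `pick_sandbox` and `run_filter` are hypothetical, socksify is assumed to be Dante's (which reads `SOCKS_SERVER`), and `127.0.0.1:1` is a constructed dummy address.

```shell
#!/bin/sh
# Added example: choose a network-isolation wrapper for an HTML filter.

# Print the strongest isolation method usable on this host.
pick_sandbox() {
    # An empty network namespace is the strongest option, but it needs
    # unprivileged user namespaces, so probe with a no-op instead of
    # assuming the kernel allows it.
    if command -v unshare >/dev/null 2>&1 &&
       unshare -r -n true >/dev/null 2>&1; then
        echo unshare
    # socksify only redirects connections made through libc socket
    # calls; it is a weaker barrier than a namespace.
    elif command -v socksify >/dev/null 2>&1; then
        echo socksify
    else
        echo none
    fi
}

# Run "$@" under the chosen wrapper.
run_filter() {
    case "$(pick_sandbox)" in
    unshare)
        # New user + network namespace: no interfaces except a down loopback.
        unshare -r -n "$@"
        ;;
    socksify)
        # Constructed dead proxy: nothing is expected to listen on port 1.
        # Setting it explicitly overrides any proxy configured on the system.
        SOCKS_SERVER="127.0.0.1:1" socksify "$@"
        ;;
    none)
        # Make the loss of isolation visible rather than silent.
        echo "warning: no network sandbox available, running unsandboxed" >&2
        "$@"
        ;;
    esac
}

# Typical call from a filter script (w3m flags assumed for illustration):
#   run_filter w3m -T text/html -dump
```
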

#112 $ gets eaten by terminal emulator unless pressed twice 2 years ago

Comment by ~davidbanham on ~sircmpwn/aerc2

This also occurs in the editor.