From 565a880ce5a14bac817c73916e91ebfa04c8b99b Mon Sep 17 00:00:00 2001
From: Timothy Flynn <trflynn89@pm.me>
Date: Wed, 29 Dec 2021 13:10:12 -0500
Subject: Userland: Link directly against LibUnicodeData where needed

This is partially a revert of commits:
    10a8b6d4116c6a627a6c189154af032f69b29c21
    561b67a1add82538502ef2f5733f1d86718898ad

Rather than adding the prot_exec pledge requried to use dlopen(), we can
link directly against LibUnicodeData in applications that we know need
that library.

This might make the dlopen() dance a bit unnecessary. The same purpose
might now be fulfilled with weak symbols. That can be revisted next, but
for now, this at least removes the potential security risk of apps like
the Browser having prot_exec privileges.
---
 Userland/Applications/Spreadsheet/CMakeLists.txt | 1 +
 Userland/Applications/Spreadsheet/main.cpp       | 7 +------
 2 files changed, 2 insertions(+), 6 deletions(-)

(limited to 'Userland/Applications/Spreadsheet')

diff --git a/Userland/Applications/Spreadsheet/CMakeLists.txt b/Userland/Applications/Spreadsheet/CMakeLists.txt
index 0f0eeec27d..a98e03325e 100644
--- a/Userland/Applications/Spreadsheet/CMakeLists.txt
+++ b/Userland/Applications/Spreadsheet/CMakeLists.txt
@@ -42,6 +42,7 @@ set(GENERATED_SOURCES
 
 serenity_app(Spreadsheet ICON app-spreadsheet)
 target_link_libraries(Spreadsheet LibGUI LibJS LibWeb)
+link_with_unicode_data(Spreadsheet)
 
 serenity_test(Writers/Test/TestXSVWriter.cpp Spreadsheet)
 
diff --git a/Userland/Applications/Spreadsheet/main.cpp b/Userland/Applications/Spreadsheet/main.cpp
index cc2a54c694..0ed5a66f22 100644
--- a/Userland/Applications/Spreadsheet/main.cpp
+++ b/Userland/Applications/Spreadsheet/main.cpp
@@ -22,7 +22,7 @@
 
 int main(int argc, char* argv[])
 {
-    if (pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread prot_exec", nullptr) < 0) {
+    if (pledge("stdio recvfd sendfd rpath fattr unix cpath wpath thread", nullptr) < 0) {
         perror("pledge");
         return 1;
     }
@@ -69,11 +69,6 @@ int main(int argc, char* argv[])
         return 1;
     }
 
-    if (unveil("/usr/lib/libunicodedata.so.serenity", "r") < 0) {
-        perror("unveil");
-        return 1;
-    }
-
     if (unveil(nullptr, nullptr) < 0) {
         perror("unveil");
         return 1;
-- 
cgit v1.2.3