From f3c7f9e20a768e91f50fd9ec44d6b1ac4cb8b10f Mon Sep 17 00:00:00 2001 From: Camden Dixie O'Brien Date: Fri, 14 Oct 2022 17:36:40 +0100 Subject: [PATCH] Use pledge() and unveil() on OpenBSD --- main.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/main.c b/main.c index 15de66d..5959f0c 100644 --- a/main.c +++ b/main.c @@ -85,6 +85,13 @@ int main(int argc, char *argv[]) static char pbuf[PBUF_SIZE], rbuf[RBUF_SIZE], sbuf[SBUF_SIZE], fbuf[FBUF_SIZE]; +#ifdef __OpenBSD__ + if (pledge("inet rpath stdio unveil", NULL) == -1) { + fprintf(stderr, "pledge() call failed\n"); + return EXIT_FAILURE; + } +#endif + /* * Get srvroot path from arguments and copy into pbuf. * @@ -105,6 +112,29 @@ int main(int argc, char *argv[]) } memcpy(pbuf, argv[1], srvroot_len); +#ifdef __OpenBSD__ + /* + * Restrict the program to readonly access to locations under + * srvroot. + */ + if (srvroot_len + 1 > PBUF_SIZE) { + fprintf(stderr, "Path buffer is too short\n"); + return EXIT_FAILURE; + } + if (unveil(pbuf, "r") == -1) { + fprintf(stderr, "unveil() call failed\n"); + return EXIT_FAILURE; + } + + /* + * Lock program out of further unveil() calls + */ + if (pledge("inet rpath stdio", NULL) == -1) { + fprintf(stderr, "pledge() call failed\n"); + return EXIT_FAILURE; + } +#endif + /* * Register signal handler for SIGTERM and SIGINT. */
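Review bot: The failure branch of the first pledge() call in the first hunk prints a fixed string and discards errno, so an EINVAL from a mistyped promise and an ENOSYS/EPERM from a kernel that rejects the call look identical in the log; `perror("pledge")` (stdio is already in use in this block) or `err(EXIT_FAILURE, "pledge")` preserves the reason. The same applies to the two fixed-string failure paths in the second hunk. If the server later resolves hostnames with getaddrinfo() it will also need the `dns` promise, which cannot be confirmed from this hunk. The enclosing main() starts before this hunk and continues past it.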
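Review bot: The `srvroot_len + 1 > PBUF_SIZE` guard in the second hunk runs after `memcpy(pbuf, argv[1], srvroot_len)` has already written srvroot_len bytes into pbuf, so it can only confirm NUL-termination for unveil(), not prevent the copy from overrunning the buffer. The closing `}` just before the memcpy suggests a length check outside the hunk; if that check already rejects `srvroot_len >= PBUF_SIZE` this guard is dead code, and if it does not, the guard belongs before the memcpy as `if (srvroot_len >= PBUF_SIZE) {` with the same error path. Either way, the termination guarantee unveil() relies on rests on pbuf being `static` (zero-filled) and untouched before this point, which is worth stating next to the call: `/* pbuf is static, so the byte after the copied path is already NUL */`. The enclosing main() continues past the end of the hunk.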