Use pledge() and unveil() on OpenBSD

2022-10-14 17:36:40 +01:00 · 2022-10-14 17:36:40 +01:00 · f3c7f9e20a
commit f3c7f9e20a
parent c200de7dc1
1 changed files with 30 additions and 0 deletions
--- a/main.c
+++ b/main.c
@ -85,6 +85,13 @@ int main(int argc, char *argv[])
 	static char pbuf[PBUF_SIZE], rbuf[RBUF_SIZE], sbuf[SBUF_SIZE],
 	    fbuf[FBUF_SIZE];

+#ifdef __OpenBSD__
+	if (pledge("inet rpath stdio unveil", NULL) == -1) {
+		fprintf(stderr, "pledge() call failed\n");
+		return EXIT_FAILURE;
+	}
+#endif
+
 	/*
 	 * Get srvroot path from arguments and copy into pbuf.
 	 *
@ -105,6 +112,29 @@ int main(int argc, char *argv[])
 	}
 	memcpy(pbuf, argv[1], srvroot_len);

+#ifdef __OpenBSD__
+	/*
+	 * Restrict the program to readonly access to locations under
+	 * srvroot.
+	 */
+	if (srvroot_len + 1 > PBUF_SIZE) {
+		fprintf(stderr, "Path buffer is too short\n");
+		return EXIT_FAILURE;
+	}
+	if (unveil(pbuf, "r") == -1) {
+		fprintf(stderr, "unveil() call failed\n");
+		return EXIT_FAILURE;
+	}
+
+	/*
+	 * Lock program out of further unveil() calls
+	 */
+	if (pledge("inet rpath stdio", NULL) == -1) {
+		fprintf(stderr, "pledge() call failed\n");
+		return EXIT_FAILURE;
+	}
+#endif
+
 	/*
 	 * Register signal handler for SIGTERM and SIGINT.
 	 */