author | June McEnroe <june@causal.agency> | 2021-03-03 13:30:09 -0500 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2021-03-03 13:30:09 -0500 |
commit | 7186ffe799c14c775a78eb9b570eaea0cd37800d (patch) | |
tree | 0d45d54f94ab0991e56d1c60b5038e5c96f43600 | |
parent | Target OpenBSD (diff) | |
Sandbox with unveil(2) and pledge(2) on OpenBSD
Diffstat (limited to '')
-rw-r--r-- | archive.c | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/archive.c b/archive.c
index bdf51aa..cc6c182 100644
--- a/archive.c
+++ b/archive.c
@@ -35,6 +35,7 @@
 #include <string.h>
 #include <sys/stat.h>
 #include <sysexits.h>
+#include <tls.h>
 #include <unistd.h>
 
 #include "archive.h"
@@ -142,8 +143,32 @@ int main(int argc, char *argv[]) {
 if (!pass) errx(EX_CONFIG, ENV_PASSWORD " unset");
 }
 
- struct Resp resp;
+#ifdef __OpenBSD__
+ struct {
+ const char *path;
+ const char *perm;
+ } paths[] = {
+ { ".", "rwc" },
+ { tls_default_ca_cert_file(), "r" },
+ { concatHead, "r" },
+ {0},
+ };
+ for (int i = 0; paths[i].path; ++i) {
+ int error = unveil(paths[i].path, paths[i].perm);
+ if (error) err(EX_NOINPUT, "%s", paths[i].path);
+ }
+ int error = pledge("stdio rpath wpath cpath inet dns", NULL);
+ if (error) err(EX_OSERR, "pledge");
+#endif
+
 struct IMAP imap = imapOpen(host, port);
+
+#ifdef __OpenBSD__
+ error = pledge("stdio rpath wpath cpath", NULL);
+ if (error) err(EX_OSERR, "pledge");
+#endif
+
+ struct Resp resp;
 respFree(respOk(imapResp(&imap)));
 
 enum Atom login = atom("login"); |
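Review bot: The unveil loop in the first `#ifdef __OpenBSD__` block of the second hunk stops at the first NULL `path`, so if `concatHead` can be unset at this point (its definition is outside the hunk) that entry ends the list early, which is harmless only because it sits directly before `{0}`. An entry added after it later would never be unveiled, with no error reported here, and the failure would only show up when that path is opened under the sandbox. Bounding the loop by the array size and skipping empty entries, `for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); ++i) { if (!paths[i].path) continue;`, removes the ordering dependency. Failing that, a comment such as `/* concatHead may be NULL and must stay last: a NULL path ends the list */` would record the constraint. main's body starts and continues outside the hunk.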