commit 65f998fa79fc979a3862d0ae8c0a7c46f7891383
parent d42bd360c1ae7700c0b197e4e017e5f2a5ae8a3c
Author: Solene Rapenne <solene@perso.pw>
Date: Fri, 22 Jun 2018 22:10:22 +0200
Add pledge support for OpenBSD, with help from Quentin Rameau
Signed-off-by: Christoph Lohmann <20h@r-36.net>
Diffstat:
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/ind.c b/ind.c
@@ -66,7 +66,7 @@ pendingbytes(int sock)
pending = 0;
rval = 0;
-#ifdef TIOCOUTQ
+#if defined(TIOCOUTQ) && !defined(__OpenBSD__)
rval = ioctl(sock, TIOCOUTQ, &pending);
#else
#ifdef SIOCOUTQ
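Review bot: The new condition `#if defined(TIOCOUTQ) && !defined(__OpenBSD__)` gives no reason for excluding OpenBSD, so a later cleanup could easily fold it back into a plain `#ifdef TIOCOUTQ`. Presumably the ioctl is not permitted under the promises pledged in main.c, but that should be confirmed and written down in a short comment above the `#if`, for example `/* OpenBSD: TIOCOUTQ is skipped because <reason>; see pledge() in main.c */`. The comment should also say which branch OpenBSD now takes, since that depends on the `SIOCOUTQ` test and the `#else` chain that continue outside this hunk. The body of pendingbytes starts and ends outside the hunk.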
diff --git a/main.c b/main.c
@@ -537,6 +537,15 @@ main(int argc, char *argv[])
initsignals();
cltlen = sizeof(clt);
+
+#ifdef __OpenBSD__
+ char promises[30];
+ snprintf(promises, sizeof(promises), "rpath inet stdio proc exec %s %s",
+ revlookup ? "dns" : "",
+ dofork ? "tty" : "");
+ pledge(promises, NULL);
+#endif /* __OpenBSD__ */
+
while (1) {
sock = accept(listfd, (struct sockaddr *)&clt, &cltlen);
if (sock < 0) {
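Review bot: `char promises[30]` is too small for the string built into it, and the return value of `pledge()` is ignored, so on OpenBSD the call can fail and the server keeps running without the intended restriction. The fixed text "rpath inet stdio proc exec " is already 27 characters, so appending "dns" needs 31 bytes with the terminator and " tty" needs more; `snprintf` truncates and pledge is handed a cut-off promise name, which it should reject. The later main.c hunk has the same problem: `client_promises[25]` cannot hold "rpath inet stdio proc exec" (27 bytes with the terminator) when `nocgi` is unset. Both buffers should be sized with room to spare, e.g. `char promises[64];`, and the call should fail closed, e.g. `if (pledge(promises, NULL) == -1) { perror("pledge"); return 1; }` or the project's own error logging. The body of main starts and ends outside the hunk.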
@@ -575,6 +584,14 @@ main(int argc, char *argv[])
signal(SIGTERM, SIG_DFL);
signal(SIGALRM, SIG_DFL);
+#ifdef __OpenBSD__
+ char client_promises[25];
+ snprintf(client_promises, sizeof(client_promises),
+ "rpath inet stdio %s",
+ nocgi ? "" : "proc exec" );
+ pledge(client_promises, NULL);
+#endif /* __OpenBSD__ */
+
handlerequest(sock, base, ohost, sport, clienth,
clientp, nocgi);