
0965e7caa451839ee5012c7d764d1db39b97bd8d — Evan Tann 9 months ago e797b71
fix pledge, unveil issues
3 files changed, 17 insertions(+), 8 deletions(-)

M cmd/srp/main.go
M security.go
M security_openbsd.go
M cmd/srp/main.go => cmd/srp/main.go +9 -3
@@ 31,8 31,6 @@ func main() {
	}
	flag.Parse()

	srp.Unveil(*config)

	issues := []string{}
	port := strings.TrimLeft(*portTmp, ":")
	portInt, err := strconv.Atoi(port)


@@ 112,6 110,14 @@ func main() {
		}()
	}

	// Restrict this program's syscalls and file access should it contain a
	// vulnerability.
	srp.Unveil(*config, "r")
	srp.Unveil("/etc/hosts", "r")
	srp.Unveil("/etc/resolv.conf", "r")
	srp.Unveil("/etc/ssl", "r")
	srp.UnveilBlock()

	// Wait to give our listeners time to boot before pledging. We have to
	// sleep because ListenAndServe hangs, so we can't send a signal on a
	// channel after that -- only before, and before introduces a race


@@ 119,7 125,7 @@ func main() {
	// called before ListenAndServe. When that happens, the kernel stops
	// the program. That's why we sleep here, which is plenty of time for
	// both servers to boot.
	time.Sleep(10 * time.Millisecond)
	time.Sleep(time.Millisecond)
	srp.Pledge()

	log.Println("listening on", port)
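Review bot: The only thing ordering the listener goroutines before `srp.Pledge()` is the `time.Sleep(time.Millisecond)` at the end of the third hunk, and cutting the wait from 10ms to 1ms makes the race the surrounding comment describes more likely under load, since the goroutines started above `}()` get no scheduling guarantee in that window. If the call that trips pledge is the bind/listen itself, the deterministic fix is to open the sockets synchronously in main before pledging — `ln, err := net.Listen("tcp", addr)` — and hand them to `go srv.Serve(ln)`, so no pre-pledge syscall can race the pledge; the goroutine bodies sit outside this hunk, so I can't confirm which call is the culprit. The comment above the new unveil list should also say what each path is for (config file, resolver files, presumably TLS roots under /etc/ssl) and that any file opened later, such as a log file, must be unveiled here before `srp.UnveilBlock()` or the open will fail. main's body continues outside these hunks.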

M security.go => security.go +5 -2
@@ 3,7 3,10 @@
package srp

// Pledge is not supported outside of OpenBSD.
func Pledge() error { return nil }
func Pledge() {}

// Unveil is not supported outside of OpenBSD.
func Unveil(filename string) error { return nil }
func Unveil(filename, perm string) {}

// UnveilBlock is not supported outside of OpenBSD.
func UnveilBlock() {}
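Review bot: `UnveilBlock` gains a non-OpenBSD stub here, but the security_openbsd.go hunks in this commit add no OpenBSD implementation, so if one does not already exist there the new `srp.UnveilBlock()` call in cmd/srp/main.go breaks the build on the one platform the sandbox targets; a `GOOS=openbsd go build ./...` before merging would confirm. The stub comments could also state what is being skipped, so a reader of this file understands that Linux/macOS builds run with no filesystem or syscall restriction at all: `// UnveilBlock is not supported outside of OpenBSD; there it closes the unveil list so no further paths can be made visible.` and similarly for `Unveil`, noting that `perm` is ignored in the stub.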

M security_openbsd.go => security_openbsd.go +3 -3
@@ 7,7 7,7 @@ import "golang.org/x/sys/unix"
// of OpenBSD 6.6, though the program runs fine without the call, which is why
// we add the `error` pledge.
func Pledge() {
	const promises = "stdio rpath inet"
	const promises = "stdio rpath wpath cpath inet"
	if err := unix.Pledge(promises, ""); err != nil {
		panic(err)
	}


@@ 17,8 17,8 @@ func Pledge() {
// srp. If there's a vulnerability at the application layer that allows a
// hacker to see the filesystem, the only visible file will be our
// configuration file.
func Unveil(filename string) {
	if err := unix.Unveil(filename, "r"); err != nil {
func Unveil(filename, perm string) {
	if err := unix.Unveil(filename, perm); err != nil {
		panic(err)
	}
}
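Review bot: The new promise string `stdio rpath wpath cpath inet` widens the sandbox with write and create rights, yet every unveil this commit adds in cmd/srp/main.go is read-only, so nothing in the diff shows what those promises are for; with unveil active the kernel refuses the writes anyway, but the promise should be justified in a comment or dropped so the sandbox stays minimal. The comment two lines above the const still says the `error` pledge is added while the string contains no `error` token, so one of them is stale — I'd put `// wpath cpath: needed for TODO(reason); 'error' is not used because TODO(reason)` on the const with the reasons filled in. In the second hunk the comment above Unveil still claims "the only visible file will be our configuration file", which the new callers (/etc/hosts, /etc/resolv.conf, /etc/ssl) no longer satisfy; `// Unveil exposes filename with the given unveil(2) permissions; callers list every path the program needs and then call UnveilBlock.` would be accurate. Pledge's body continues outside the first hunk.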