
34ebe62aa71b7dfcc3ff4097ae9b949d4de1ecca — Evan Tann 1 year, 3 months ago 1853e78
add openbsd pledge, unveil support
5 files changed, 56 insertions(+), 36 deletions(-)

M cmd/srp/main.go
M go.mod
M go.sum
A security.go
A security_openbsd.go
M cmd/srp/main.go => cmd/srp/main.go +8 -0
@@ 30,6 30,14 @@ func main() {
		usage([]string{})
	}
	flag.Parse()

	if err := srp.Unveil(*config); err != nil {
		log.Fatal(err)
	}
	if err := srp.Pledge(); err != nil {
		log.Fatal(err)
	}

	issues := []string{}
	port := strings.TrimLeft(*portTmp, ":")
	portInt, err := strconv.Atoi(port)
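Review bot: After `srp.Unveil(*config)` followed by `UnveilBlock` inside it, every path except the config file is invisible to the process, yet a reverse proxy usually also depends on files the Go runtime opens lazily — `/etc/resolv.conf` and `/etc/hosts` for the resolver, and the system CA bundle if upstream TLS is verified. Whether srp touches any of these is not visible in this hunk; if it does, those opens will fail at first use rather than at startup, so either the unveil set needs extending or a startup self-check that exercises them should follow the `Pledge` call. The sandbox is also established before the port flag is validated below, so a bad `-port` is now reported from inside the sandbox — harmless, but worth knowing when debugging. main continues outside the hunk.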

M go.mod => go.mod +3 -7
@@ 3,14 3,10 @@ module github.com/egtann/srp
go 1.13

require (
	github.com/egtann/observer v0.0.0-20190205194124-df8d12117b15 // indirect
	github.com/egtann/sjs v0.0.0-20190419155825-aa595c9effd7 // indirect
	github.com/egtann/sls v0.0.0-20190405184350-3bf86d71394b // indirect
	github.com/egtann/up v0.0.0-20190510172642-fc5bc4be8665 // indirect
	github.com/hashicorp/go-cleanhttp v0.5.1
	github.com/microcosm-cc/bluemonday v1.0.2 // indirect
	github.com/rs/xid v1.2.1
	golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739
	golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 // indirect
	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
	golang.org/x/net v0.0.0-20191011234655-491137f69257 // indirect
	golang.org/x/sys v0.0.0-20191010194322-b09406accb47
	golang.org/x/text v0.3.2 // indirect
)

M go.sum => go.sum +7 -29
@@ 1,40 1,18 @@
github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
github.com/egtann/component v0.0.0-20181105184933-8f39bcdff390/go.mod h1:hkWT9MYe8KTv4CKKrYnDnscyfamiLK3VAPaVm3IJs5o=
github.com/egtann/observer v0.0.0-20190205194124-df8d12117b15 h1:2Ob+8rTu4+s3+9DvE6a6eLa5rco0fxjyvhXyv3gD93k=
github.com/egtann/observer v0.0.0-20190205194124-df8d12117b15/go.mod h1:95qj+w3rm9HzEgsuw3ZUVRr5ZeO+KqkmIpEtaJOom9U=
github.com/egtann/sjs v0.0.0-20190419155825-aa595c9effd7 h1:K9JeELogscOFLZ42/Wrcu2hwRE7MR0dYt4Q5Xzf38QI=
github.com/egtann/sjs v0.0.0-20190419155825-aa595c9effd7/go.mod h1:HiYt/wKQrvSw7qmzFysBxZi1V6RhGhi3EHq0mEmCSVI=
github.com/egtann/sls v0.0.0-20190405184350-3bf86d71394b h1:NJAXXMwDj8edpu8AEzkRtouwsXetcgrrKIswYyU50UM=
github.com/egtann/sls v0.0.0-20190405184350-3bf86d71394b/go.mod h1:yLnSPTTy973+2i9AVwqZI//8GHPs3C6GN+Mr42caIpY=
github.com/egtann/up v0.0.0-20181230025019-46ea6185e2ee/go.mod h1:BvZJThG7x7BtdUvj/vwdW8fJFj1ZDrEwv0Tz9vLNOZo=
github.com/egtann/up v0.0.0-20190510172642-fc5bc4be8665 h1:FuK1sPzXUH9tHvZnvR3yytA2gEG3clF6LjTPmkJr6Fs=
github.com/egtann/up v0.0.0-20190510172642-fc5bc4be8665/go.mod h1:BvZJThG7x7BtdUvj/vwdW8fJFj1ZDrEwv0Tz9vLNOZo=
github.com/go-chi/chi v4.0.1+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da h1:5y58+OCjoHCYB8182mpf/dEsq0vwTKPOo4zGfH0xW9A=
github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da/go.mod h1:oLH0CmIaxCGXD67VKGR5AacGXZSMznlmeqM8RzPrcY8=
github.com/microcosm-cc/bluemonday v1.0.2 h1:5lPfLTTAvAbtS0VqT+94yOtFnGfUWYyx0+iToC3Os3s=
github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1-0.20181023235946-059132a15dd0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc=
github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
github.com/rs/zerolog v1.11.0 h1:DRuq/S+4k52uJzBQciUcofXx45GrMC6yrEbb/CoK6+M=
github.com/rs/zerolog v1.11.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739 h1:Gc7JIyxvWgD6m+QmVryY0MstDORNYididDGxgZ6Tnpk=
golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191011234655-491137f69257 h1:ry8e2D+cwaV6hk7lb3aRTjjZo24shrbK0e11QEOkTIg=
golang.org/x/net v0.0.0-20191011234655-491137f69257/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191010194322-b09406accb47 h1:/XfQ9z7ib8eEJX2hdgFTZJ/ntt0swNk5oYBziWeTCvY=
golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=

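--- /dev/null
+++ b/security.go
@@ -0,0 +1,9 @@
+// +build !openbsd
+
+package srp
+
+// Pledge is not supported outside of OpenBSD.
+func Pledge() error { return nil }
+
+// Unveil is not supported outside of OpenBSD.
+func Unveil(filename string) error { return nil }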

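--- /dev/null
+++ b/security_openbsd.go
@@ -0,0 +1,29 @@
+package srp
+
+import "golang.org/x/sys/unix"
+
+// Pledge limits srp to specific syscalls. Go's stdlib "net" package calls
+// sysctl(kern.somaxconn) which cannot be whitelisted by OpenBSD's pledges as
+// of OpenBSD 6.6, though the program runs fine without the call, which is why
+// we add the `error` pledge.
+func Pledge() error {
+	const promises = "stdio rpath inet error"
+	if err := unix.Pledge(promises, ""); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Unveil hides the entire filesystem except for the given config file from
+// srp. If there's a vulnerability at the application layer that allows a
+// hacker to see the filesystem, the only visible file will be our
+// configuration file.
+func Unveil(filename string) error {
+	if err := unix.Unveil(filename, "r"); err != nil {
+		return err
+	}
+	if err := unix.UnveilBlock(); err != nil {
+		return err
+	}
+	return nil
+}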
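Review bot: The `error` promise in `Pledge` changes pledge(2) from kill-on-violation to returning ENOSYS for every disallowed syscall, not only the `sysctl` the comment describes, so a compromised process that attempts a forbidden operation gets a failed call back instead of being killed; the doc comment should state that trade-off, e.g. `// NOTE: "error" makes every pledge violation return ENOSYS instead of aborting the process; drop it once net no longer needs sysctl(kern.somaxconn).` The empty execpromises argument denies exec entirely, which is the right default for a proxy and also deserves a line in the comment. Both wrappers add nothing around the error, so `return unix.Pledge(promises, "")` and, after the first check in Unveil, `return unix.UnveilBlock()` read more directly.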