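--- a/cmd/srp/main.go
+++ b/cmd/srp/main.go
@@ -30,6 +30,14 @@ func main() {
 usage([]string{})
 }
 flag.Parse()
+
+ if err := srp.Unveil(*config); err != nil {
+ log.Fatal(err)
+ }
+ if err := srp.Pledge(); err != nil {
+ log.Fatal(err)
+ }
+
 issues := []string{}
 port := strings.TrimLeft(*portTmp, ":")
 portInt, err := strconv.Atoi(port)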
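Review bot: The two new fatal paths print only the error returned by `srp.Unveil`/`srp.Pledge`, which for the x/sys wrappers appears to be the bare errno text (e.g. "no such file or directory"), so an operator on OpenBSD cannot tell which sandbox call failed or which path was involved. Prefix each with its context: `log.Fatalf("unveil %q: %v", *config, err)` and `log.Fatalf("pledge: %v", err)`. Note also that the sandbox is now fixed before anything else in `main` runs, so every file the proxy opens later (resolver files, a CA bundle, any certificate cache) must already be covered by the unveil/pledge set; `main` continues outside this hunk, so that cannot be confirmed here.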
M go.mod => go.mod +3 -7
@@ 3,14 3,10 @@ module github.com/egtann/srp
go 1.13
require (
- github.com/egtann/observer v0.0.0-20190205194124-df8d12117b15 // indirect
- github.com/egtann/sjs v0.0.0-20190419155825-aa595c9effd7 // indirect
- github.com/egtann/sls v0.0.0-20190405184350-3bf86d71394b // indirect
- github.com/egtann/up v0.0.0-20190510172642-fc5bc4be8665 // indirect
github.com/hashicorp/go-cleanhttp v0.5.1
- github.com/microcosm-cc/bluemonday v1.0.2 // indirect
github.com/rs/xid v1.2.1
- golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739
- golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 // indirect
+ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
+ golang.org/x/net v0.0.0-20191011234655-491137f69257 // indirect
+ golang.org/x/sys v0.0.0-20191010194322-b09406accb47
golang.org/x/text v0.3.2 // indirect
)
M go.sum => go.sum +7 -29
@@ 1,40 1,18 @@
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/egtann/component v0.0.0-20181105184933-8f39bcdff390/go.mod h1:hkWT9MYe8KTv4CKKrYnDnscyfamiLK3VAPaVm3IJs5o=
-github.com/egtann/observer v0.0.0-20190205194124-df8d12117b15 h1:2Ob+8rTu4+s3+9DvE6a6eLa5rco0fxjyvhXyv3gD93k=
-github.com/egtann/observer v0.0.0-20190205194124-df8d12117b15/go.mod h1:95qj+w3rm9HzEgsuw3ZUVRr5ZeO+KqkmIpEtaJOom9U=
-github.com/egtann/sjs v0.0.0-20190419155825-aa595c9effd7 h1:K9JeELogscOFLZ42/Wrcu2hwRE7MR0dYt4Q5Xzf38QI=
-github.com/egtann/sjs v0.0.0-20190419155825-aa595c9effd7/go.mod h1:HiYt/wKQrvSw7qmzFysBxZi1V6RhGhi3EHq0mEmCSVI=
-github.com/egtann/sls v0.0.0-20190405184350-3bf86d71394b h1:NJAXXMwDj8edpu8AEzkRtouwsXetcgrrKIswYyU50UM=
-github.com/egtann/sls v0.0.0-20190405184350-3bf86d71394b/go.mod h1:yLnSPTTy973+2i9AVwqZI//8GHPs3C6GN+Mr42caIpY=
-github.com/egtann/up v0.0.0-20181230025019-46ea6185e2ee/go.mod h1:BvZJThG7x7BtdUvj/vwdW8fJFj1ZDrEwv0Tz9vLNOZo=
-github.com/egtann/up v0.0.0-20190510172642-fc5bc4be8665 h1:FuK1sPzXUH9tHvZnvR3yytA2gEG3clF6LjTPmkJr6Fs=
-github.com/egtann/up v0.0.0-20190510172642-fc5bc4be8665/go.mod h1:BvZJThG7x7BtdUvj/vwdW8fJFj1ZDrEwv0Tz9vLNOZo=
-github.com/go-chi/chi v4.0.1+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da h1:5y58+OCjoHCYB8182mpf/dEsq0vwTKPOo4zGfH0xW9A=
-github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da/go.mod h1:oLH0CmIaxCGXD67VKGR5AacGXZSMznlmeqM8RzPrcY8=
-github.com/microcosm-cc/bluemonday v1.0.2 h1:5lPfLTTAvAbtS0VqT+94yOtFnGfUWYyx0+iToC3Os3s=
-github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1-0.20181023235946-059132a15dd0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
-github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc=
github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
-github.com/rs/zerolog v1.11.0 h1:DRuq/S+4k52uJzBQciUcofXx45GrMC6yrEbb/CoK6+M=
-github.com/rs/zerolog v1.11.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
-github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739 h1:Gc7JIyxvWgD6m+QmVryY0MstDORNYididDGxgZ6Tnpk=
-golang.org/x/crypto v0.0.0-20190907121410-71b5226ff739/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191011234655-491137f69257 h1:ry8e2D+cwaV6hk7lb3aRTjjZo24shrbK0e11QEOkTIg=
+golang.org/x/net v0.0.0-20191011234655-491137f69257/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47 h1:/XfQ9z7ib8eEJX2hdgFTZJ/ntt0swNk5oYBziWeTCvY=
+golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
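--- /dev/null
+++ b/security.go
@@ -0,0 +1,9 @@
+// +build !openbsd
+
+package srp
+
+// Pledge is not supported outside of OpenBSD.
+func Pledge() error { return nil }
+
+// Unveil is not supported outside of OpenBSD.
+func Unveil(filename string) error { return nil }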
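--- /dev/null
+++ b/security_openbsd.go
@@ -0,0 +1,29 @@
+package srp
+
+import "golang.org/x/sys/unix"
+
+// Pledge limits srp to specific syscalls. Go's stdlib "net" package calls
+// sysctl(kern.somaxconn) which cannot be whitelisted by OpenBSD's pledges as
+// of OpenBSD 6.6, though the program runs fine without the call, which is why
+// we add the `error` pledge.
+func Pledge() error {
+ const promises = "stdio rpath inet error"
+ if err := unix.Pledge(promises, ""); err != nil {
+ return err
+ }
+ return nil
+}
+
+// Unveil hides the entire filesystem except for the given config file from
+// srp. If there's a vulnerability at the application layer that allows a
+// hacker to see the filesystem, the only visible file will be our
+// configuration file.
+func Unveil(filename string) error {
+ if err := unix.Unveil(filename, "r"); err != nil {
+ return err
+ }
+ if err := unix.UnveilBlock(); err != nil {
+ return err
+ }
+ return nil
+}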
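Review bot: `Unveil` leaves only the config file visible, which also hides /etc/resolv.conf, /etc/hosts and /etc/ssl/cert.pem; if srp resolves backend hostnames through Go's resolver or verifies TLS against the system roots (not visible in this diff), those reads will fail with ENOENT once `UnveilBlock` has run, even though `rpath` is pledged, so the paths that are actually needed should be unveiled read-only alongside the config, as sketched below. Separately, the `error` promise in `Pledge` does not exempt only the sysctl the comment describes: it makes every later pledge violation return ENOSYS instead of killing the process, so an exploited proxy keeps running after tripping the sandbox. That trade-off deserves a sentence in the comment, e.g. `// NOTE: "error" downgrades every violation to ENOSYS; drop it once net no longer needs sysctl.`
```go
// Unveil hides the entire filesystem except for the given config file and
// the read-only system files the stdlib resolver and TLS verifier read.
func Unveil(filename string) error {
	paths := []string{
		filename,
		"/etc/resolv.conf", // backend hostname resolution
		"/etc/hosts",
		"/etc/ssl/cert.pem", // system roots, if srp verifies upstream TLS
	}
	for _, p := range paths {
		if err := unix.Unveil(p, "r"); err != nil {
			return err
		}
	}
	return unix.UnveilBlock()
}
```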