~egtann/srp

49bf26176eb34d6a32fbda5bcbb511548ca22df0 — Evan Tann 9 months ago 0f3d41c
improve pledge, unveil api
2 files changed, 9 insertions(+), 8 deletions(-)

M cmd/srp/main.go
M security_openbsd.go
M cmd/srp/main.go => cmd/srp/main.go +1 -1
@@ 121,7 121,7 @@ func main() {
	// called before ListenAndServe. When that happens, the kernel stops
	// the program. That's why we sleep here, which is plenty of time for
	// both servers to boot.
	time.Sleep(time.Millisecond)
	time.Sleep(10 * time.Millisecond)
	if err := srp.Pledge(); err != nil {
		log.Fatal(err)
	}
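Review bot: The fixed `time.Sleep` before `srp.Pledge()` is a timing guess rather than a synchronisation point, so both values shown here (1 ms and 10 ms) leave the same two failure modes. On a slow or loaded host the listeners may not be bound when the sleep ends and, per the comment, the kernel stops the program; and for the length of the sleep the servers may already be accepting connections with no pledge in force. If the servers are started with `ListenAndServe` as the comment says, binding each socket first with `net.Listen`, then calling `srp.Pledge()`, then passing the listener to the server's `Serve` method would make the order deterministic and remove the sleep. `main` begins and ends outside this hunk, so how the servers are launched is inferred from the comment only.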

M security_openbsd.go => security_openbsd.go +8 -7
@@ 6,24 6,25 @@ import "golang.org/x/sys/unix"
// sysctl(kern.somaxconn) which cannot be whitelisted by OpenBSD's pledges as
// of OpenBSD 6.6, though the program runs fine without the call, which is why
// we add the `error` pledge.
func Pledge() error {
func Pledge() {
	const promises = "stdio rpath inet"
	if err := unix.Pledge(promises, ""); err != nil {
		return err
		panic(err)
	}
	return nil
}

// Unveil hides the entire filesystem except for the given config file from
// srp. If there's a vulnerability at the application layer that allows a
// hacker to see the filesystem, the only visible file will be our
// configuration file.
func Unveil(filename string) error {
func Unveil(filename string) {
	if err := unix.Unveil(filename, "r"); err != nil {
		return err
		panic(err)
	}
}

func UnveilBlock() {
	if err := unix.UnveilBlock(); err != nil {
		return err
		panic(err)
	}
	return nil
}
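Review bot: The doc comment ending above `Pledge` says the `error` pledge is added, but `promises` is `"stdio rpath inet"`, so a violation kills the process rather than returning an error; either add the promise or reword the comment (its start is outside this hunk). The page has lost its +/- markers; if the `panic` variants are the new side, as the +8 -7 count suggests, `Pledge()` returns nothing and the unchanged `if err := srp.Pledge(); err != nil` in cmd/srp/main.go would no longer compile on OpenBSD unless it is updated elsewhere. On that reading the lock moved out of `Unveil` into the new `UnveilBlock`, which has no doc comment; I would add `// UnveilBlock locks the unveil list so no further paths can be exposed; call it once after the last Unveil.` and state in `Unveil`'s comment that the caller must still lock.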