Introduction
Introduction Statistics Contact Development Disclaimer Help
tAdd pledge(2) and unveil(2) on OpenBSD - surf - customized build of surf, the …
git clone git://src.adamsgaard.dk/surf
Log
Files
Refs
README
LICENSE
---
commit 6d08917cf38a120460a7a248ed9678fa8c3a01eb
parent 5fddf9515f75b724b90b8bb62eab02f8b93ff128
Author: Anders Damsgaard <[email protected]>
Date: Thu, 2 Jan 2020 21:36:13 +0100
Add pledge(2) and unveil(2) on OpenBSD
Diffstat:
M surf.c | 107 +++++++++++++++++++++++++++++…
1 file changed, 107 insertions(+), 0 deletions(-)
---
diff --git a/surf.c b/surf.c
t@@ -29,6 +29,10 @@
#include <X11/Xatom.h>
#include <glib.h>
+#ifdef __OpenBSD__
+#include <err.h>
+#endif
+
#include "arg.h"
#include "common.h"
t@@ -1977,6 +1981,109 @@ main(int argc, char *argv[])
Arg arg;
Client *c;
+#ifdef __OpenBSD__
+ char path[128];
+ const char* home = getcurrentuserhomedir();
+
+ if (snprintf(path, sizeof(path), "%s/.cache", home) < 0)
+ err(1, "snprintf");
+ if (unveil(path, "rwc") == -1)
+ err(1, "unveil");
+
+ if (snprintf(path, sizeof(path), "%s/.config", home) < 0)
+ err(1, "snprintf");
+ if (unveil(path, "r") == -1)
+ err(1, "unveil");
+
+ if (snprintf(path, sizeof(path), "%s/.config/surf", home) < 0)
+ err(1, "snprintf");
+ if (unveil(path, "rwxc") == -1)
+ err(1, "unveil");
+
+ if (snprintf(path, sizeof(path), "%s/.icons", home) < 0)
+ err(1, "snprintf");
+ if (unveil(path, "r") == -1)
+ err(1, "unveil");
+
+ if (snprintf(path, sizeof(path), "%s/.local", home) < 0)
+ err(1, "snprintf");
+ if (unveil(path, "rwc") == -1)
+ err(1, "unveil");
+
+ if (snprintf(path, sizeof(path), "%s/.Xauthority", home) < 0)
+ err(1, "snprintf");
+ if (unveil(path, "r") == -1)
+ err(1, "unveil");
+
+ if (snprintf(path, sizeof(path), "%s/.Xdefaults", home) < 0)
+ err(1, "snprintf");
+ if (unveil(path, "r") == -1)
+ err(1, "unveil");
+
+ if (snprintf(path, sizeof(path), "%s/tmp", home) < 0)
+ err(1, "snprintf");
+ if (unveil(path, "rwc") == -1)
+ err(1, "unveil");
+
+ if (unveil("/bin", "rx") == -1)
+ err(1, "unveil");
+
+ if (unveil("/dev/urandom", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/etc/fonts", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/etc/gtk-3.0", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/etc/xdg", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/etc/aspell.conf", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/etc/machine-id", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/tmp", "rwc") == -1)
+ err(1, "unveil /tmp");
+
+ if (unveil("/usr/libexec", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/usr/local/bin", "x") == -1)
+ err(1, "unveil");
+
+ if (unveil("/usr/local/lib", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/usr/local/libexec/webkit2gtk-4.0", "x") == -1)
+ err(1, "unveil /usr/local/libexec/webkit2gtk-4.0");
+
+ if (unveil("/usr/local/lib/gdk-pixbuf-2.0", "x") == -1)
+ err(1, "unveil /usr/local/libexec/gdk-pixbuf-2.0");
+
+ if (unveil("/usr/local/share", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/usr/local/share/locale", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/usr/share/locale", "r") == -1)
+ err(1, "unveil");
+
+ if (unveil("/usr/X11R6/lib", "rx") == -1)
+ err(1, "unveil");
+
+ if (unveil("/var/run", "r") == -1)
+ err(1, "unveil");
+
+ if (pledge("stdio rpath wpath cpath dpath tmppath fattr chown flock un…
+ "sendfd recvfd tty proc exec prot_exec ps", NULL) =…
+ err(1, "pledge");
+#endif
+
memset(&arg, 0, sizeof(arg));
/* command line args */
You are viewing proxied material from mx1.adamsgaard.dk. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.