kiosk: Add pledge(2) on OpenBSD to prevent misuse - alexkarle.com

commit 94e1d0d546e4020e0d32c1adfde36ebcf5d57027 (patch)
parent eff73abb653dfb50546ec66d251eb41616524c28
Author: Alex Karle <alex@alexkarle.com>
Date:   Sun, 25 Apr 2021 17:01:37 -0400

kiosk: Add pledge(2) on OpenBSD to prevent misuse

The added pledge(2) call restricts the permissions of the kiosk to
prevent writing to files, talking across the internet, and more...

Diffstat:
M src/kiosk.c  | 12 ++++++++----

1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/kiosk.c b/src/kiosk.c
@@ -1,9 +1,10 @@
-#include <stdio.h>
 #include <dirent.h>
-#include <string.h>
-#include <stdlib.h>
-#include <limits.h>
 #include <err.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 
 int list(void) {
     DIR *dirp = opendir(MANDIR);
@@ -101,6 +102,9 @@ void prompt(int n) {
 }
 
 int main(void) {
+#ifdef __OpenBSD__
+    pledge("stdio rpath proc exec", NULL);
+#endif
     int n = list();
     setenv("MANPAGER", "less", 0);
     setenv("LESSSECURE", "1", 1);

	alexkarle.com Source for alexkarle.com
	git clone git://git.alexkarle.com/alexkarle.com.git
	Log \| Files \| Refs \| README \| LICENSE