Re: [dev] pledge(2) patches

From: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
Date: Wed, 18 May 2016 21:09:13 +0200

On Wed, May 18, 2016 at 06:50:15PM +0200, Kamil Cholewiński wrote:
> Hi folks,
>
> This is purely OpenBSD-specific; had a brief look at SecComp and
> promptly ran away.
>
> Included are pledge(2) diffs for dwm, dmenu, st and slock. I've been
> testing these for a week now (both stress-tests and normal usage), and I
> have no ill effects to report.

Cool!

> diff --git a/dwm.c b/dwm.c
> index ff7e096..aab76b2 100644
> --- a/dwm.c
> +++ b/dwm.c
> _AT_@ -2132,13 +2132,28 @@ main(int argc, char *argv[])
> die("dwm-"VERSION "\n");
> else if (argc != 1)
> die("usage: dwm [-v]\n");
> +#if defined(__OpenBSD__)
> + if (pledge("stdio rpath dns unix prot_exec proc exec", NULL) < 0) {
> + die("pledge\n");
> + }
> +#endif
> if (!setlocale(LC_CTYPE, "") || !XSupportsLocale())

Like Marc said you can use something like:

        die("pledge: %s\n", strerror(errno));

for a more descriptive pledge(2) error message. The standard OpenBSD pattern is:

        if (pledge("promises", NULL) == -1)
                err(1, "pledge");

but it requires err.h BSD_SOURCE.

I really like pledge(2) and am a OpenBSD user, but I don't know if we should
apply this in the upstream version (yet). Would like to hear more opinions.

Kind regards,
Hiltjo
Received on Wed May 18 2016 - 21:09:13 CEST