diff options
| author | Tim Kuijsten <info+git@netsend.nl> | 2019-11-21 02:15:41 +0100 |
|---|---|---|
| committer | Leah Neukirchen <leah@vuxu.org> | 2020-09-06 16:34:56 +0200 |
| commit | 4763032430834ff1d7dfe4293826cf845a71b990 (patch) | |
| tree | 113205e6ce5f84eaf5df1c9347ba0187fa93f3ed /xpledge.h | |
| parent | 6bd687bfdc44bafdc18b96eaec0995e3254536f6 (diff) | |
| download | mblaze-4763032430834ff1d7dfe4293826cf845a71b990.tar.gz mblaze-4763032430834ff1d7dfe4293826cf845a71b990.tar.xz mblaze-4763032430834ff1d7dfe4293826cf845a71b990.zip | |
pledge(2) all programs
All programs except mshow have a very tight set of promises. mshow has a broad set of promises and might be a good future candidate to further restrict using unveil(2). This patch is based on commit 0300a112 by Alex Holst (dated 2017-12-07), which was proposed in GH PR #79. * pledged mpick, mflow and mdate so that now all programs are pledged * removed some unneeded promises and added some missing promises * move err.h include and OpenBSD ifdef into a new xpledge.h * cleaned up code aligning and whitespace Closes: #179 [via git-merge-pr]
Diffstat (limited to 'xpledge.h')
| -rw-r--r-- | xpledge.h | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/xpledge.h b/xpledge.h new file mode 100644 index 0000000..a6065a9 --- /dev/null +++ b/xpledge.h @@ -0,0 +1,26 @@ +#ifndef PLEDGE_H +#define PLEDGE_H + +#ifdef __OpenBSD__ + +#ifndef _BSD_SOURCE +#define _BSD_SOURCE +#endif + +#include <err.h> +#include <unistd.h> + +static void +xpledge(const char *promises, const char *execpromises) +{ + if (pledge(promises, execpromises) == -1) + err(1, "pledge"); +} + +#else + +#define xpledge(promises, execpromises) do { } while(0) + +#endif /* __OpenBSD__ */ + +#endif /* PLEDGE_H */ |