OpenBSD 5.9 pledge(2) bindings

1. // OpenBSD 5.9 pledge(2) bindings
2. // http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/pledge.2
3.  
4. // rustc --crate-type=lib pledge.rs
5. // rustc -L . main.rs
6.  
7. //
8. // pledge_ffi.rs
9. use std::os::raw::c_char;
10. use std::os::raw::c_int;
11.  
12. #[link(name = "c")]
13. extern {
14.     pub fn pledge(promises: *const c_char, paths: *const *const c_char) -> c_int;
15. }
16.  
17. //
18. // pledge.rs
19. #![crate_type = "lib"]
20.  
21. use std::ffi::CString;
22. mod pledge_ffi;
23.  
24. pub fn pledge(promises: &str) -> bool {
25.     if let Ok(c_str) = CString::new(promises) {
26.         unsafe {
27.             let result = pledge_ffi::pledge(c_str.as_ptr(), std::ptr::null());
28.             return result == 0;
29.         }
30.     }
31.     return false;
32. }
33.  
34. //
35. // main.rs
36. extern crate pledge;
37.  
38. use pledge::pledge;
39.  
40. use std::process::exit;
41. use std::fs::File;
42. use std::io::Write;
43.  
44. fn main() {
45.     let mut stderr = std::io::stderr();
46.     // example will crash
47.     // change to "stdio rpath"
48.     if !pledge("stdio") {
49.         writeln!(&mut stderr, "pledge").unwrap();
50.         exit(1);
51.     }
52.  
53.     println!("Now pledged.");
54.  
55.     // attempt elevation
56.     if !pledge("stdio rpath") {
57.         writeln!(&mut stderr, "pledge elevation fail").unwrap();
58.         //exit(1);
59.     }
60.     // .. promises were equal or reduced
61.  
62.     println!("Opening a file!");
63.     // kernel should abort here, unless promises changed
64.     let file = match File::open("/tmp/bogus/file") {
65.         Err(_) => exit(1),
66.         Ok(file) => file,
67.     };
68.     drop(file);
69. }