SHOW:
|
|
- or go back to the newest paste.
| 1 | // OpenBSD 5.9 pledge(2) bindings | |
| 2 | // http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/pledge.2 | |
| 3 | ||
| 4 | // rustc --crate-type=lib pledge.rs | |
| 5 | // rustc -L . main.rs | |
| 6 | ||
| 7 | // | |
| 8 | // pledge_ffi.rs | |
| 9 | use std::os::raw::c_char; | |
| 10 | use std::os::raw::c_int; | |
| 11 | ||
| 12 | #[link(name = "c")] | |
| 13 | extern {
| |
| 14 | pub fn pledge(promises: *const c_char, paths: *const *const c_char) -> c_int; | |
| 15 | } | |
| 16 | ||
| 17 | // | |
| 18 | // pledge.rs | |
| 19 | #![crate_type = "lib"] | |
| 20 | ||
| 21 | use std::ffi::CString; | |
| 22 | mod pledge_ffi; | |
| 23 | ||
| 24 | pub fn pledge(promises: &str) -> bool {
| |
| 25 | if let Ok(c_str) = CString::new(promises) {
| |
| 26 | unsafe {
| |
| 27 | let result = pledge_ffi::pledge(c_str.as_ptr(), std::ptr::null()); | |
| 28 | return result == 0; | |
| 29 | } | |
| 30 | } | |
| 31 | return false; | |
| 32 | } | |
| 33 | ||
| 34 | // | |
| 35 | // main.rs | |
| 36 | extern crate pledge; | |
| 37 | ||
| 38 | use pledge::pledge; | |
| 39 | ||
| 40 | use std::process::exit; | |
| 41 | use std::fs::File; | |
| 42 | use std::io::Write; | |
| 43 | ||
| 44 | fn main() {
| |
| 45 | let mut stderr = std::io::stderr(); | |
| 46 | // example will crash | |
| 47 | // change to "stdio rpath" | |
| 48 | if !pledge("stdio") {
| |
| 49 | writeln!(&mut stderr, "pledge").unwrap(); | |
| 50 | exit(1); | |
| 51 | } | |
| 52 | ||
| 53 | println!("Now pledged.");
| |
| 54 | ||
| 55 | // attempt elevation | |
| 56 | if !pledge("stdio rpath") {
| |
| 57 | writeln!(&mut stderr, "pledge elevation fail").unwrap(); | |
| 58 | //exit(1); | |
| 59 | } | |
| 60 | // .. promises were equal or reduced | |
| 61 | ||
| 62 | println!("Opening a file!");
| |
| 63 | // kernel should abort here, unless promises changed | |
| 64 | let file = match File::open("/tmp/bogus/file") {
| |
| 65 | Err(_) => exit(1), | |
| 66 | Ok(file) => file, | |
| 67 | }; | |
| 68 | drop(file); | |
| 69 | } |
