use unveil(2) in 'got checkout'
diff --git a/got/got.c b/got/got.c
index 74fa300..50ca600 100644
--- a/got/got.c
+++ b/got/got.c
@@ -39,6 +39,7 @@
#include "got_diff.h"
#include "got_commit_graph.h"
#include "got_blame.h"
+#include "got_privsep.h"
#ifndef nitems
#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
@@ -227,8 +228,8 @@ cmd_checkout(int argc, char *argv[])
argv += optind;
#ifndef PROFILE
- if (pledge("stdio rpath wpath cpath flock proc exec sendfd", NULL)
- == -1)
+ if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil",
+ NULL) == -1)
err(1, "pledge");
#endif
if (argc == 1) {
@@ -272,6 +273,21 @@ cmd_checkout(int argc, char *argv[])
} else
usage_checkout();
+ if (unveil(repo_path, "r") != 0 ||
+ unveil(worktree_path, "rwc") != 0 ||
+ unveil("/tmp", "rwc") != 0) {
+ error = got_error_from_errno();
+ goto done;
+ }
+ error = got_privsep_unveil_exec_helpers();
+ if (error != NULL)
+ goto done;
+
+ if (unveil(NULL, NULL) != 0) {
+ error = got_error_from_errno();
+ goto done;
+ }
+
error = got_repo_open(&repo, repo_path);
if (error != NULL)
goto done;
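Review bot: The `unveil("/tmp", "rwc")` view is much wider than the other two: it exposes the whole shared temp directory for read, write and create, while repo_path gets only "r" and worktree_path "rwc". If the library creates its temporary files under one known prefix or helper, unveiling that narrower location (or a dedicated per-user directory) would keep the sandbox tighter; I cannot see from this hunk where the temp files are made, so worth confirming before changing it. Once `unveil(NULL, NULL)` has locked the view, the "unveil" promise added to pledge() in the earlier hunk is no longer needed, and OpenBSD convention is to drop it again, e.g. `if (pledge("stdio rpath wpath cpath flock proc exec sendfd", NULL) == -1) err(1, "pledge");` right after the lock. The `done:` label and the rest of cmd_checkout are outside the hunk, so I have not checked that the new early exits release nothing that is acquired only later.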
diff --git a/include/got_privsep.h b/include/got_privsep.h
new file mode 100644
index 0000000..e516bc2
--- /dev/null
+++ b/include/got_privsep.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2019 Stefan Sperling <stsp@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+const struct got_error *got_privsep_unveil_exec_helpers(void);
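Review bot: The new prototype carries no description of its contract, and a caller has to read lib/privsep.c to learn what it unveils and when it must run. A short comment above the declaration would do, e.g. `/* Unveil the privsep helper programs with execute permission only. Must be called before the caller locks the view with unveil(NULL, NULL); returns a got_error built from errno on failure. */`. The ordering constraint follows from the got.c hunk, where this call precedes the `unveil(NULL, NULL)` lock.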
diff --git a/lib/privsep.c b/lib/privsep.c
index ebc6a6d..923a10b 100644
--- a/lib/privsep.c
+++ b/lib/privsep.c
@@ -1135,3 +1135,17 @@ got_privsep_send_packed_obj_req(struct imsgbuf *ibuf, int idx,
return flush_imsg(ibuf);
}
+
+const struct got_error *
+got_privsep_unveil_exec_helpers(void)
+{
+ if (unveil(GOT_PATH_PROG_READ_PACK, "x") != 0 ||
+ unveil(GOT_PATH_PROG_READ_OBJECT, "x") != 0 ||
+ unveil(GOT_PATH_PROG_READ_COMMIT, "x") != 0 ||
+ unveil(GOT_PATH_PROG_READ_TREE, "x") != 0 ||
+ unveil(GOT_PATH_PROG_READ_BLOB, "x") != 0 ||
+ unveil(GOT_PATH_PROG_READ_TAG, "x") != 0)
+ return got_error_from_errno();
+
+ return NULL;
+}
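Review bot: The six chained unveil() calls are a fixed table written out as a boolean expression, which makes adding or removing a helper error-prone and hides that every entry gets the same "x" permission; a loop over a static array states the intent directly and leaves one place to extend. It also gives a natural spot for a comment documenting that only execute access is granted, which is the security-relevant property of this function. Behaviour is unchanged: the first failing unveil still returns `got_error_from_errno()`, and the errno value is still taken immediately after the failing call.

```c
/*
 * Unveil the privsep helper programs with execute permission only.
 * Returns an errno-derived error on the first helper that cannot be unveiled.
 */
const struct got_error *
got_privsep_unveil_exec_helpers(void)
{
	static const char *const helpers[] = {
		GOT_PATH_PROG_READ_PACK,
		GOT_PATH_PROG_READ_OBJECT,
		GOT_PATH_PROG_READ_COMMIT,
		GOT_PATH_PROG_READ_TREE,
		GOT_PATH_PROG_READ_BLOB,
		GOT_PATH_PROG_READ_TAG,
	};
	size_t i;

	for (i = 0; i < sizeof(helpers) / sizeof(helpers[0]); i++) {
		if (unveil(helpers[i], "x") != 0)
			return got_error_from_errno();
	}

	return NULL;
}
```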