Re: [dev] pledge(2) patches

Wed, 18 May 2016 12:08:28 -0700 

On Wed, 18 May 2016, Marc André Tanner <m...@brain-dump.org> wrote:
> Independent of whether the functionality is desired, you probably want
> to implement it along the lines of:
>
>  #ifndef __OpenBSD__
>  int pledge(const char *promises, const char *paths[]) { return 0; }
>  #endif
>
> This way you won't clutter all the call sites and they are at least
> compile tested on all platforms. 

Excellent point, changed.

I can imagine most of pledge could be implemented on Linux using
SecComp... But that'd probably be bigger than dwm itself.

> Also because you always die upon failure you might want to introduce
> an xpledge(...) wrapper which could also print a more descriptive error
> message (pledging for which resource failed).

Like this is ok?

void
xpledge(const char *promises, const char *paths[])
{
        if (pledge(promises, paths) < 0) {
                perror("pledge");
                die("dwm: tried to pledge: %s\n", promises);
        }
}

Attached the new diff for dwm, I will modify the rest if this one looks
OK.

Thanks,
K.


diff --git a/dwm.c b/dwm.c
index ff7e096..950b813 100644
--- a/dwm.c
+++ b/dwm.c
@@ -57,6 +57,11 @@
 #define TAGMASK                 ((1 << LENGTH(tags)) - 1)
 #define TEXTW(X)                (drw_text(drw, 0, 0, 0, 0, (X), 0) + drw->fonts[0]->h)
 
+/* portability */
+#ifndef __OpenBSD__
+int pledge(const char *promises, const char *paths[]) { return 0; }
+#endif
+
 /* enums */
 enum { CurNormal, CurResize, CurMove, CurLast }; /* cursor */
 enum { SchemeNorm, SchemeSel, SchemeLast }; /* color schemes */
@@ -232,6 +237,7 @@ static Monitor *wintomon(Window w);
 static int xerror(Display *dpy, XErrorEvent *ee);
 static int xerrordummy(Display *dpy, XErrorEvent *ee);
 static int xerrorstart(Display *dpy, XErrorEvent *ee);
+static void xpledge(const char *promises, const char *paths[]);
 static void zoom(const Arg *arg);
 
 /* variables */
@@ -2112,6 +2118,15 @@ xerrorstart(Display *dpy, XErrorEvent *ee)
 }
 
 void
+xpledge(const char *promises, const char *paths[])
+{
+	if (pledge(promises, paths) < 0) {
+		perror("pledge");
+		die("dwm: tried to pledge: %s\n", promises);
+	}
+}
+
+void
 zoom(const Arg *arg)
 {
 	Client *c = selmon->sel;
@@ -2132,13 +2147,16 @@ main(int argc, char *argv[])
 		die("dwm-"VERSION "\n");
 	else if (argc != 1)
 		die("usage: dwm [-v]\n");
+	xpledge("stdio rpath dns unix prot_exec proc exec", NULL);
 	if (!setlocale(LC_CTYPE, "") || !XSupportsLocale())
 		fputs("warning: no locale support\n", stderr);
 	if (!(dpy = XOpenDisplay(NULL)))
 		die("dwm: cannot open display\n");
+	xpledge("stdio rpath prot_exec proc exec", NULL);
 	checkotherwm();
 	setup();
 	scan();
+	xpledge("stdio proc exec", NULL);
 	run();
 	cleanup();
 	XCloseDisplay(dpy);

Reply via email to