Hi,

The following diff adds [1] OpenBSD pledge(2) support to ii. I've committed [2] a similar patch to the OpenBSD ports tree, but it would be great if it gets merged upstream.
This restricts the ii process's abilities through the pledge(2) system call [1]. Further details:

- removing network abilities: pledge(2) is called in main() purposely after tcpopen(); it removes the ii network abilities, since the ii process at that point doesn't need net operations, so it is turned into a restricted mode without network capabilities.

- allowing required system calls: the ii process requires some system calls such as mkfifo(2), mkdir(2), ... to create the directory structure and fifos on demand (when joining a new channel, for example), so they were allowed through the "rpath wpath cpath dpath" promises. "stdio" is required too; this allows some basic system calls such as read(2) and write(2).

I've been using it with no problems so far. Full details about pledge(2) at [1].

[1] http://man.openbsd.org/OpenBSD-current/man2/pledge.2
[2] http://marc.info/?l=openbsd-ports-cvs&m=146521106930116&w=2

diff --git a/config.mk b/config.mk index afc28d5..2cf103e 100644 --- a/config.mk +++ b/config.mk @@ -25,3 +25,6 @@ LIBS = -L${LIBDIR} -L/usr/lib -lc CC = cc CFLAGS = -g -O0 -W -Wall ${INCLUDES} -DVERSION=\\"${VERSION}\\" LDFLAGS = ${LIBS} + +# OpenBSD pledge(2) support +# CFLAGS+= -DUSE_PLEDGE diff --git a/ii.c b/ii.c index 745e29a..3c6c3c7 100644 --- a/ii.c +++ b/ii.c @@ -490,6 +490,14 @@ int main(int argc, char *argv[]) { } } irc = tcpopen(port); + + #ifdef USE_PLEDGE /* OpenBSD pledge(2) support */ + if (pledge("stdio rpath wpath cpath dpath", NULL) == -1) { + fputs("ii: pledge\\n", stderr); + exit(EXIT_FAILURE); + } + #endif + if(!snprintf(path, sizeof(path), "%s/%s", prefix, host)) { fputs("ii: path to irc directory too long\\n", stderr); exit(EXIT_FAILURE);
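Review bot: in the config.mk hunk the new `# CFLAGS+= -DUSE_PLEDGE` line is itself commented out, so the pledge(2) call is compiled out by default even on OpenBSD and a user has to know to uncomment it. Either say so in the comment (e.g. "# OpenBSD pledge(2) support (uncomment on OpenBSD)"), or drop the USE_PLEDGE define entirely and guard the call in ii.c with `#ifdef __OpenBSD__`, which the compiler defines on its own, so an unmodified upstream build gets the restriction where it is available.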
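Review bot: the error path in the ii.c hunk, `fputs("ii: pledge\n", stderr);`, throws away errno, so a pledge failure caused by a mistyped promise string (EINVAL) cannot be told apart from any other cause; `perror("ii: pledge");` is the same length and reports the reason. Two smaller points: the `#ifdef USE_PLEDGE` / `#endif` directives are indented with the surrounding code, where preprocessor directives conventionally sit in column 0; and pledge(2) is declared in <unistd.h>, which the hunk does not add, so confirm ii.c already includes it. The placement itself looks right: after tcpopen() the socket is already open and "stdio" covers read(2)/write(2) on it, while "cpath" and "dpath" are what mkdir(2) and mkfifo(2) need for the on-demand channel directories and fifos.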
