Re: OpenBSD::Unveil perl module

[Bryan Steele]

On Sat, Jul 06, 2019 at 03:27:04PM -0700, Andrew Hewus Fresh wrote:
> I wrote up a tiny unveil(2) wrapper for perl, similar to the pledge(2)
> wrapper we have in tree.  It passes the tests I wrote, but it's entirely
> possible I'm doing something terrible wrong.
> 
> But, I think it could be useful, OK to commit, comments?

I think this is cool, and could be helpful for some perl scripts, same
as OpenBSD::Pledge(3p), perhaps more so.

ok brynet@

> l8rZ,
> -- 
> andrew - http://afresh1.com
> 
> Speed matters.  
> Almost as much as some things, and nowhere near as much as others.
>   -- Nick Holland

> Index: gnu/usr.bin/perl/MANIFEST
> ===
> RCS file: /tmp/perl/cvs/src/gnu/usr.bin/perl/MANIFEST,v
> retrieving revision 1.52
> diff -u -p -u -p -r1.52 MANIFEST
> --- gnu/usr.bin/perl/MANIFEST 24 May 2019 21:33:50 -  1.52
> +++ gnu/usr.bin/perl/MANIFEST 6 Jul 2019 22:00:52 -
> @@ -1558,6 +1558,9 @@ cpan/OpenBSD-MkTemp/t/OpenBSD-MkTemp.t  O
>  cpan/OpenBSD-Pledge/lib/OpenBSD/Pledge.pmOpenBSD::Pledge
>  cpan/OpenBSD-Pledge/Pledge.xsOpenBSD::Pledge
>  cpan/OpenBSD-Pledge/t/OpenBSD-Pledge.t   OpenBSD::Pledge test file
> +cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pmOpenBSD::Unveil
> +cpan/OpenBSD-Unveil/t/OpenBSD-Unveil.t   OpenBSD::Unveil test file
> +cpan/OpenBSD-Unveil/Unveil.xsOpenBSD::Unveil
>  cpan/Params-Check/lib/Params/Check.pmParams::Check
>  cpan/Params-Check/t/01_Params-Check.tParams::Check tests
>  cpan/parent/lib/parent.pmEstablish an ISA relationship 
> with base classes at compile time
> Index: gnu/usr.bin/perl/cpan/OpenBSD-Unveil/Unveil.xs
> ===
> RCS file: gnu/usr.bin/perl/cpan/OpenBSD-Unveil/Unveil.xs
> diff -N gnu/usr.bin/perl/cpan/OpenBSD-Unveil/Unveil.xs
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ gnu/usr.bin/perl/cpan/OpenBSD-Unveil/Unveil.xs6 Jul 2019 22:00:53 
> -
> @@ -0,0 +1,33 @@
> +/*   $OpenBSD$   */
> +
> +/*
> + * Copyright (c) 2019 Andrew Hewus Fresh 
> + *
> + * Permission to use, copy, modify, and distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> + */
> +
> +#define PERL_NO_GET_CONTEXT
> +#include "EXTERN.h"
> +#include "perl.h"
> +#include "XSUB.h"
> +
> +#include 
> +
> +MODULE = OpenBSD::Unveil PACKAGE = OpenBSD::Unveil
> +
> +int
> +_unveil(const char * path = NULL, const char * permissions = NULL)
> +CODE:
> + RETVAL = unveil(path, permissions) != -1;
> +OUTPUT:
> + RETVAL
> Index: gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm
> ===
> RCS file: gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm
> diff -N gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm6 Jul 
> 2019 22:00:53 -
> @@ -0,0 +1,95 @@
> +#$OpenBSD$   #
> +package OpenBSD::Unveil;
> +
> +use 5.028;
> +use strict;
> +use warnings;
> +
> +use Carp;
> +
> +use parent 'Exporter';
> +our %EXPORT_TAGS = ( 'all' => [qw( unveil )] );
> +our @EXPORT_OK   = ( @{ $EXPORT_TAGS{'all'} } );
> +our @EXPORT  = qw( unveil );   ## no critic 
> 'export'
> +
> +our $VERSION = '0.02';
> +
> +require XSLoader;
> +XSLoader::load( 'OpenBSD::Unveil', $VERSION );
> +
> +sub unveil
> +{   ## no critic 'unpack'
> + croak("Usage: OpenBSD::Unveil::unveil([path, permissions])")
> + unless @_ == 0 || @_ == 2; ## no critic 'postfix'
> + return _unveil(@_);
> +}
> +
> +1;
> +
> +## no critic 'pod sections'
> +__END__
> +
> +=head1 NAME
> +
> +OpenBSD::Unveil - Perl interface to OpenBSD unveil(2)
> +
> +=head1 SYNOPSIS
> +
> +  use OpenBSD::Unveil;
> +
> +  my $file = "/usr/share/dict/words";
> +  unveil( $file, "r" ) || die "Unable to unveil: $!";
> +  unveil() || die "Unable to lock unveil: $!";
> +  open my $fh, '<', $file or die "Unable to open $file: $!";
> +
> +  print grep { /unveil/i } readline($fh);
> +  close $fh;
> +
> +
> +=head1 DESCRIPTION
> +
> +This module provides a perl interface to OpenBSD's L 
> L.
> +
> +=head1 EXPORT
> +
> +Exports L by default.
>

OpenBSD::Unveil perl module

[Andrew Hewus Fresh]

I wrote up a tiny unveil(2) wrapper for perl, similar to the pledge(2)
wrapper we have in tree.  It passes the tests I wrote, but it's entirely
possible I'm doing something terrible wrong.

But, I think it could be useful, OK to commit, comments?

l8rZ,
-- 
andrew - http://afresh1.com

Speed matters.  
Almost as much as some things, and nowhere near as much as others.
  -- Nick Holland
Index: gnu/usr.bin/perl/MANIFEST
===
RCS file: /tmp/perl/cvs/src/gnu/usr.bin/perl/MANIFEST,v
retrieving revision 1.52
diff -u -p -u -p -r1.52 MANIFEST
--- gnu/usr.bin/perl/MANIFEST   24 May 2019 21:33:50 -  1.52
+++ gnu/usr.bin/perl/MANIFEST   6 Jul 2019 22:00:52 -
@@ -1558,6 +1558,9 @@ cpan/OpenBSD-MkTemp/t/OpenBSD-MkTemp.tO
 cpan/OpenBSD-Pledge/lib/OpenBSD/Pledge.pm  OpenBSD::Pledge
 cpan/OpenBSD-Pledge/Pledge.xs  OpenBSD::Pledge
 cpan/OpenBSD-Pledge/t/OpenBSD-Pledge.t OpenBSD::Pledge test file
+cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm  OpenBSD::Unveil
+cpan/OpenBSD-Unveil/t/OpenBSD-Unveil.t OpenBSD::Unveil test file
+cpan/OpenBSD-Unveil/Unveil.xs  OpenBSD::Unveil
 cpan/Params-Check/lib/Params/Check.pm  Params::Check
 cpan/Params-Check/t/01_Params-Check.t  Params::Check tests
 cpan/parent/lib/parent.pm  Establish an ISA relationship 
with base classes at compile time
Index: gnu/usr.bin/perl/cpan/OpenBSD-Unveil/Unveil.xs
===
RCS file: gnu/usr.bin/perl/cpan/OpenBSD-Unveil/Unveil.xs
diff -N gnu/usr.bin/perl/cpan/OpenBSD-Unveil/Unveil.xs
--- /dev/null   1 Jan 1970 00:00:00 -
+++ gnu/usr.bin/perl/cpan/OpenBSD-Unveil/Unveil.xs  6 Jul 2019 22:00:53 
-
@@ -0,0 +1,33 @@
+/* $OpenBSD$   */
+
+/*
+ * Copyright (c) 2019 Andrew Hewus Fresh 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define PERL_NO_GET_CONTEXT
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+
+#include 
+
+MODULE = OpenBSD::Unveil   PACKAGE = OpenBSD::Unveil
+
+int
+_unveil(const char * path = NULL, const char * permissions = NULL)
+CODE:
+   RETVAL = unveil(path, permissions) != -1;
+OUTPUT:
+   RETVAL
Index: gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm
===
RCS file: gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm
diff -N gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm
--- /dev/null   1 Jan 1970 00:00:00 -
+++ gnu/usr.bin/perl/cpan/OpenBSD-Unveil/lib/OpenBSD/Unveil.pm  6 Jul 2019 
22:00:53 -
@@ -0,0 +1,95 @@
+#  $OpenBSD$   #
+package OpenBSD::Unveil;
+
+use 5.028;
+use strict;
+use warnings;
+
+use Carp;
+
+use parent 'Exporter';
+our %EXPORT_TAGS = ( 'all' => [qw( unveil )] );
+our @EXPORT_OK   = ( @{ $EXPORT_TAGS{'all'} } );
+our @EXPORT  = qw( unveil );   ## no critic 
'export'
+
+our $VERSION = '0.02';
+
+require XSLoader;
+XSLoader::load( 'OpenBSD::Unveil', $VERSION );
+
+sub unveil
+{   ## no critic 'unpack'
+   croak("Usage: OpenBSD::Unveil::unveil([path, permissions])")
+   unless @_ == 0 || @_ == 2; ## no critic 'postfix'
+   return _unveil(@_);
+}
+
+1;
+
+## no critic 'pod sections'
+__END__
+
+=head1 NAME
+
+OpenBSD::Unveil - Perl interface to OpenBSD unveil(2)
+
+=head1 SYNOPSIS
+
+  use OpenBSD::Unveil;
+
+  my $file = "/usr/share/dict/words";
+  unveil( $file, "r" ) || die "Unable to unveil: $!";
+  unveil() || die "Unable to lock unveil: $!";
+  open my $fh, '<', $file or die "Unable to open $file: $!";
+
+  print grep { /unveil/i } readline($fh);
+  close $fh;
+
+
+=head1 DESCRIPTION
+
+This module provides a perl interface to OpenBSD's L L.
+
+=head1 EXPORT
+
+Exports L by default.
+
+=head1 FUNCTIONS
+
+=head2 unveil
+
+Perl interface to L.
+
+   unveil($paths, $permissions)
+   unveil() # to lock
+
+Returns true on success, returns false and sets $! on failure.
+Throws an exception on incorrect number of parameters.
+
+=head1 SEE ALSO
+
+L
+
+L
+
+=head1 AUTHOR
+
+Andrew Hewus Fresh, Eafre...@openbsd.orge
+
+=head1 LICENSE AND COPYRIGHT
+
+Copyright (C) 2019 by Andrew Hewus Fresh Eafre...@openbsd.orge
+
+Pe