/*
 * Program entry point.
 *
 * Confinement happens in two steps.  The process first pledges
 * "stdio rpath inet dns getpw tty", runs its setup calls, and then narrows
 * the promises before talk(): "stdio tty" when the two machine addresses
 * are equal, "stdio inet tty" otherwise.  A failed pledge(2) is fatal, so
 * the program never continues with a wider promise set than intended.
 */
int
main(int argc, char *argv[])
{
	const char *narrowed;

	if (pledge("stdio rpath inet dns getpw tty", NULL) == -1)
		err(1, "pledge");

	get_names(argc, argv);
	init_display();
	open_ctl();
	open_sockt();
	start_msgs();
	if (!check_local())
		invite_remote();
	end_msgs();
	set_edit_chars();

	/* Equal addresses on both ends: the inet promise is dropped too. */
	narrowed = (his_machine_addr.s_addr == my_machine_addr.s_addr) ?
	    "stdio tty" : "stdio inet tty";
	if (pledge(narrowed, NULL) == -1)
		err(1, "pledge");

	talk();
	return 0;
}
/*
 * rm --
 *	Differs from historic rm implementations and is expected to match
 *	POSIX 1003.2 behavior.  The most visible difference is that -f now
 *	has two specific effects: ignore non-existent files and force file
 *	removal.
 *
 *	pledge(2) is called once the options are known, because the promise
 *	set depends on them: "wpath" is requested only when -P was given.
 *	A failed pledge is fatal.
 */
int
main(int argc, char *argv[])
{
	const char *promises;
	int opt, recursive;

	setlocale(LC_ALL, "");

	Pflag = recursive = 0;
	while ((opt = getopt(argc, argv, "dfiPRr")) != -1) {
		switch (opt) {
		case 'd':
			dflag = 1;
			break;
		case 'f':
			fflag = 1;
			iflag = 0;
			break;
		case 'i':
			fflag = 0;
			iflag = 1;
			break;
		case 'P':
			Pflag = 1;
			break;
		case 'R':
		case 'r':			/* Compatibility. */
			recursive = 1;
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	/* Only -P asks for write access to existing paths. */
	promises = Pflag ? "stdio rpath wpath cpath getpw" :
	    "stdio rpath cpath getpw";
	if (pledge(promises, NULL) == -1)
		err(1, "pledge");

	if (argc < 1 && fflag == 0)
		usage();

	checkdot(argv);

	if (*argv) {
		stdin_ok = isatty(STDIN_FILENO);
		if (recursive)
			rm_tree(argv);
		else
			rm_file(argv);
	}

	exit(eval);
}
/*
 * Restrict the process with pledge(2) (OpenBSD).
 *
 * After this call the process holds only "stdio" plus one socket promise:
 * "unix" when settings.socketpath is set, "inet" otherwise.  Anything
 * outside those promises, fork() and exec() included, is no longer
 * available to the process; see pledge(2) for details.
 *
 * A pledge failure is reported on stderr and ends the process, so the
 * caller never continues unconfined.
 */
void drop_privileges() {
    extern char *__progname;
    const char *promises =
        (settings.socketpath != NULL) ? "stdio unix" : "stdio inet";

    if (pledge(promises, NULL) != -1)
        return;

    fprintf(stderr, "%s: pledge: %s\n", __progname, strerror(errno));
    exit(EXIT_FAILURE);
}
/*
 * Program entry point.
 *
 * pledge(2) is the first call made, so signal setup, option handling and
 * all output routines run with only the "stdio rpath" promises.  The
 * output routine is picked from the merge / clcnt / across settings after
 * setup() succeeds.  Exit status is 1 when setup or the chosen routine
 * reported a failure or errcnt is non-zero, 0 otherwise.
 */
int
main(int argc, char *argv[])
{
	int status;

	if (pledge("stdio rpath", NULL) == -1) {
		perror("pledge");
		exit(1);
	}

	/* Install the handler only if SIGINT was not already ignored. */
	if (signal(SIGINT, SIG_IGN) != SIG_IGN)
		(void)signal(SIGINT, terminate);

	status = setup(argc, argv);
	if (status) {
		usage();
	} else if (merge) {
		/* select the output format based on options */
		status = mulfile(argc, argv);
	} else if (clcnt == 1) {
		status = onecol(argc, argv);
	} else if (across) {
		status = horzcol(argc, argv);
	} else {
		status = vertcol(argc, argv);
	}

	flsh_errs();
	if (errcnt || status)
		exit(1);
	return 0;
}
/*
 * Query the policy of the given AS and write filters into outdir.
 *
 * The function pledges "stdio rpath wpath cpath inet dns" before doing
 * anything else, so the whois query and the filter output both run under
 * that promise set.  It never returns: it exits 0 after write_filters(),
 * and exits 1 when the query fails or the aut-num object is not found.
 */
__dead void
irr_main(u_int32_t AS, int flags, char *outdir)
{
	char *query;
	int found;

	if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1)
		err(1, "pledge");

	fprintf(stderr, "irrfilter for: %u, writing to %s\n", AS, outdir);

	irrflags = flags;
	irrverbose = 0;
	TAILQ_INIT(&router_head);

	/* send query for own AS, parse policy */
	if (asprintf(&query, "AS%u", AS) == -1)
		err(1, "parse_policy asprintf");

	found = whois(query, QTYPE_OWNAS);
	if (found == -1)
		exit(1);
	if (found == 0)
		errx(1, "aut-num object %s not found", query);
	free(query);

	write_filters(outdir);

	exit(0);
}
/*
 * Game entry point.
 *
 * pledge(2) is the first call, so option parsing and the whole game loop
 * run with only the "stdio rpath tty" promises; a pledge failure is fatal
 * via err(3).  The outer loop plays one game per iteration and repeats
 * while playagain() returns non-zero.
 */
int main(int argc, char *argv[])
{
	if (pledge("stdio rpath tty", NULL) == -1)
		err(1, "pledge");

	do_options(argc, argv);
	intro();
	do {
		initgame();
		/* Keep taking turns for as long as awinna() returns -1. */
		while(awinna() == -1) {
			if (!blitz) {
				if (!salvo) {
					if(turn)
						(void) cputurn();
					else
						(void) plyturn();
				} else /* salvo */ {
					int i;

					/* scount(turn) gives the number of shots in this salvo. */
					i = scount(turn);
					while (i--) {
						if (turn) {
							/* Setting i to 0 ends the salvo at the next loop test. */
							if (cputurn() && awinna() != -1)
								i = 0;
						} else {
							if (plyturn() && awinna() != -1)
								i = 0;
						}
					}
				}
			} else /* blitz */
				while(turn ? cputurn() : plyturn()) {
					if (turn) /* Pause between successive computer shots */ {
						(void)refresh();
						(void)sleep(1);
					}
					if (awinna() != -1)
						break;
				}
			/* Hand the turn to the other side. */
			turn = OTHER;
		}
	} while (playagain());
	uninitgame(0);
	return 0;
}
/*
 * Print the login name of the calling session.
 *
 * The process pledges "stdio" right after setlocale(), before argument
 * handling and before getlogin().  No options or operands are accepted.
 */
int
main(int argc, char *argv[])
{
	char *login;
	int opt;

	setlocale(LC_ALL, "");

	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	/* The option string is empty: whatever getopt(3) returns is an error. */
	while ((opt = getopt(argc, argv, "")) != -1) {
		usage();
		/* NOTREACHED */
	}

	if (argc != optind) {
		usage();
		/* NOTREACHED */
	}

	login = getlogin();
	if (login == NULL)
		err(1, NULL);
	(void)printf("%s\n", login);
	exit(0);
}
/*
 * Print the next S/Key sequence number and seed for a user.
 *
 * The process pledges "stdio rpath wpath flock getpw" before parsing
 * options.  Naming another user on the command line is allowed only when
 * getuid() is 0; otherwise the entry of the calling uid is used.  With -v
 * the algorithm name is printed first.  Exit status is 0 when the lookup
 * succeeded and 1 otherwise.
 */
int
main(int argc, char **argv)
{
	struct passwd *pw;
	struct skey key;
	char *name = NULL;
	int error, opt, verbose = 0;

	if (pledge("stdio rpath wpath flock getpw", NULL) == -1)
		err(1, "pledge");

	while ((opt = getopt(argc, argv, "v")) != -1) {
		switch (opt) {
		case 'v':
			verbose = 1;
			break;
		default:
			usage();
		}
	}
	argc -= optind;
	argv += optind;

	if (argc == 1)
		name = argv[0];
	else if (argc > 1)
		usage();

	if (name != NULL) {
		/* An explicit user name is a root-only feature. */
		if (getuid() != 0)
			errx(1, "only root may specify an alternate user");
		pw = getpwnam(name);
		if (pw == NULL)
			errx(1, "no passwd entry for %s", name);
	} else {
		pw = getpwuid(getuid());
		if (pw == NULL)
			errx(1, "no passwd entry for uid %u", getuid());
	}

	/* Work on a private copy of the canonical name from the passwd entry. */
	name = strdup(pw->pw_name);
	if (name == NULL)
		err(1, "cannot allocate memory");

	sevenbit(name);

	error = skeylookup(&key, name);
	if (error == 0) {
		/* Success! */
		if (verbose)
			(void)printf("otp-%s ", skey_get_algorithm());
		(void)printf("%d %s\n", key.n - 1, key.seed);
	} else if (error == -1) {
		/* File error */
		err(1, "cannot open %s/%s", _PATH_SKEYDIR, name);
	} else if (error == 1) {
		/* Unknown user */
		errx(1, "%s is not listed in %s", name, _PATH_SKEYDIR);
	}
	(void)fclose(key.keyfile);

	exit(error ? 1 : 0);
}
/*
 * Evaluate the expression given on the command line and print the result.
 *
 * The process pledges "stdio" before it looks at any argument, so the
 * evaluator runs with no filesystem or network promises.  The exit status
 * is whatever is_zero_or_null() returns for the result.
 */
int
main(int argc, char *argv[])
{
	struct val *result;

	(void) setlocale(LC_ALL, "");

	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	/* A leading "--" is skipped. */
	if (argc > 1 && strcmp(argv[1], "--") == 0)
		argv++;

	av = argv + 1;

	nexttoken(0);
	result = eval0();

	/* Anything left after the expression is an error. */
	if (token != EOI) {
		error();
		/* NOTREACHED */
	}

	if (result->type != integer)
		printf("%s\n", result->u.s);
	else
		printf("%d\n", result->u.i);

	exit(is_zero_or_null(result));
}
/*
 * Program entry point.
 *
 * Command-line parsing runs before any pledge(2) call.  Only the TEST
 * action pledges, to "stdio dns inet", right before radius_test(); the
 * NONE action does nothing.  Returns EXIT_FAILURE on a usage or parse
 * error and EXIT_SUCCESS otherwise.
 */
int
main(int argc, char *argv[])
{
	struct parse_result *res;
	int opt;

	/* The option string is empty, so any option is a usage error. */
	while ((opt = getopt(argc, argv, "")) != -1) {
		usage();
		return (EXIT_FAILURE);
	}
	argc -= optind;
	argv += optind;

	res = parse(argc, argv);
	if (res == NULL)
		return (EXIT_FAILURE);

	if (res->action == TEST) {
		if (pledge("stdio dns inet", NULL) == -1)
			err(EXIT_FAILURE, "pledge");
		radius_test(res);
	}

	return (EXIT_SUCCESS);
}
int main(int argc, char *argv[]) { int ch, c, fd, ret = 1; struct stat sb; char *pr_form; time_t mtime; FILE *fp; if (pledge("stdio rpath wpath cpath tmppath getpw proc exec", NULL) == -1) err(1, "pledge"); while ((ch = getopt(argc, argv, "DEP")) != -1) switch (ch) { case 'D': Dflag = 1; break; case 'E': debase(); exit(0); case 'P': Pflag = 1; break; default: usage(); } argc -= optind; argv += optind; if (argc > 0) usage(); if (Pflag) { init();
/*
 * Client entry point.
 *
 * Apart from resetting the descriptor variable f, the pledge(2) call is
 * the first thing done: argument parsing, signal setup and the command
 * loop all run under "stdio rpath wpath cpath dns inet".
 */
int
main(int argc, char *argv[])
{
	f = -1;

	if (pledge("stdio rpath wpath cpath dns inet", NULL) == -1)
		err(1, "pledge");

	/* "netascii" is the default transfer mode. */
	strlcpy(mode, "netascii", sizeof(mode));

	/* A peer may be given on the command line. */
	if (argc > 1)
		parsearg(argc, argv);

	/* SIGINT is handled by intr(). */
	signal(SIGINT, intr);

	/* Packet buffer: SEGSIZE_MAX plus 4 bytes. */
	ackbuf = malloc(SEGSIZE_MAX + 4);
	if (ackbuf == NULL)
		err(1, "malloc");

	/* Enter the command prompt. */
	command();

	return 0;
}
/*
 * Program entry point.
 *
 * The process pledges "stdio rpath" before option parsing, so the file
 * named with -w and the default _PATH_WTMP are both opened under that
 * promise set.  Operands after the options form a user list, which is
 * then frozen with AC_U.  -d takes precedence over -p.
 */
int
main(int argc, char *argv[])
{
	FILE *wtmp = NULL;
	int opt;

	if (pledge("stdio rpath", NULL) == -1)
		err(1, "pledge");

	while ((opt = getopt(argc, argv, "Ddpt:w:")) != -1) {
		switch (opt) {
#ifdef DEBUG
		case 'D':
			Debug = 1;
			break;
#endif
		case 'd':
			Flags |= AC_D;
			break;
		case 'p':
			Flags |= AC_P;
			break;
		case 't':			/* only do specified ttys */
			add_tty(optarg);
			break;
		case 'w':
			wtmp = file(optarg);
			break;
		case '?':
		default:
			usage();
			break;
		}
	}

	if (optind < argc) {
		/* initialize user list */
		while (optind < argc) {
			Users = update_user(Users, argv[optind], 0L);
			optind++;
		}
		Flags |= AC_U;			/* freeze user list */
	}

	if (Flags & AC_D)
		Flags &= ~AC_P;

	if (wtmp == NULL) {
		/* if _PATH_WTMP does not exist, exit quietly */
		if (access(_PATH_WTMP, 0) != 0 && errno == ENOENT)
			return 0;

		wtmp = file(_PATH_WTMP);
	}
	ac(wtmp);

	return 0;
}
/*
 * Apply the pledge(2) promise set that belongs to the current component
 * (proccomp).
 *
 * Returns 1 on success and 0 when pledge(2) failed, after a warn(3).
 * A component value that matches none of the cases returns 1 without
 * pledging.
 * NOTE(review): the failure is only signalled through the return value;
 * the caller has to stop the process on 0 for the sandbox to be fail-closed
 * -- confirm at the call sites.
 */
int
sandbox_after(void)
{
	const char *promises;

	switch (proccomp) {
	case COMP_ACCOUNT:
	case COMP_CERT:
	case COMP_KEY:
	case COMP_REVOKE:
	case COMP__MAX:
		promises = "stdio";
		break;
	case COMP_CHALLENGE:
		promises = "stdio cpath wpath";
		break;
	case COMP_DNS:
		promises = "stdio dns";
		break;
	case COMP_FILE:
		/*
		 * Rpath and cpath for rename, wpath and cpath for
		 * writing to the temporary.
		 */
		promises = "stdio cpath wpath rpath";
		break;
	case COMP_NET:
		promises = "stdio inet";
		break;
	default:
		return 1;
	}

	if (pledge(promises, NULL) == -1) {
		warn("pledge");
		return 0;
	}
	return 1;
}
/*
 * Minimal pledge(2) probe: request the "stdio" promise and report the
 * outcome through the exit status (0 on success, 1 after perror() on
 * failure).
 */
int
main(void)
{
	if (pledge("stdio", NULL) != -1)
		return 0;

	perror("pledge");
	return 1;
}
/*
 * Translate hexadecimal error codes given as arguments into error strings.
 *
 * When single_execution is set the process first pledges "stdio rpath".
 * Each argument must be a complete hexadecimal number: a '-' anywhere, an
 * empty string, trailing characters or an out-of-range value is rejected
 * with "bad error code".  Returns the number of rejected arguments, or 1
 * on a usage or allocation error.
 */
int
errstr_main(int argc, char **argv)
{
	char msg[256];
	char *arg, *end;
	unsigned long code;
	int first_arg, idx;
	int failures = 0;

	if (single_execution && pledge("stdio rpath", NULL) == -1) {
		perror("pledge");
		exit(1);
	}

	memset(&errstr_config, 0, sizeof(errstr_config));

	if (options_parse(argc, argv, errstr_options, NULL, &first_arg) != 0) {
		errstr_usage();
		return (1);
	}

	if (errstr_config.stats) {
		BIO *out = BIO_new_fp(stdout, BIO_NOCLOSE);

		if (out == NULL) {
			fprintf(stderr, "Out of memory");
			return (1);
		}

		lh_ERR_STRING_DATA_node_stats_bio(ERR_get_string_table(), out);
		lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), out);
		lh_ERR_STRING_DATA_node_usage_stats_bio(
		    ERR_get_string_table(), out);

		BIO_free_all(out);
	}

	for (idx = first_arg; idx < argc; idx++) {
		int bad;

		arg = argv[idx];
		errno = 0;
		code = strtoul(arg, &end, 16);

		/* strtoul() accepts a sign, so '-' is rejected explicitly. */
		bad = strchr(arg, '-') != NULL ||
		    (arg[0] == '\0' || *end != '\0') ||
		    (errno == ERANGE && code == ULONG_MAX);
		if (bad) {
			printf("%s: bad error code\n", arg);
			failures++;
		} else {
			ERR_error_string_n(code, msg, sizeof(msg));
			printf("%s\n", msg);
		}
	}

	return (failures);
}
/*
 * Main routine of the control process.
 *
 * Confinement is layered, in this order: the SMTPD_USER account is looked
 * up, the process chroot(2)s to PATH_CHROOT and chdir(2)s to "/", then
 * supplementary groups, gid and uid are switched to that account.  After
 * signals, trees, peers and the listener are set up, pledge(2) reduces the
 * process to "stdio unix recvfd sendfd" immediately before the event loop.
 * Every failure on the way terminates the process.
 */
int
control(void)
{
	struct passwd	*pw;

	purge_config(PURGE_EVERYTHING);

	/* The account is resolved before the chroot(2) below. */
	if ((pw = getpwnam(SMTPD_USER)) == NULL)
		fatalx("unknown user " SMTPD_USER);

	stat_backend = env->sc_stat;
	stat_backend->init();

	/* chroot first, then chdir("/") so the working directory is inside it. */
	if (chroot(PATH_CHROOT) == -1)
		fatal("control: chroot");
	if (chdir("/") == -1)
		fatal("control: chdir(\"/\")");

	config_process(PROC_CONTROL);

	/*
	 * Groups are dropped before the gid and the uid last; the setres*
	 * calls set real, effective and saved ids to the same value.
	 */
	if (setgroups(1, &pw->pw_gid) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("control: cannot drop privileges");

	imsg_callback = control_imsg;
	event_init();

	/* These four signals are ignored in this process. */
	signal(SIGINT, SIG_IGN);
	signal(SIGTERM, SIG_IGN);
	signal(SIGPIPE, SIG_IGN);
	signal(SIGHUP, SIG_IGN);

	tree_init(&ctl_conns);
	tree_init(&ctl_count);

	memset(&digest, 0, sizeof digest);
	digest.startup = time(NULL);

	config_peer(PROC_SCHEDULER);
	config_peer(PROC_QUEUE);
	config_peer(PROC_PARENT);
	config_peer(PROC_LKA);
	config_peer(PROC_PONY);
	config_peer(PROC_CA);

	control_listen();

	/*
	 * Last step before serving requests.
	 * NOTE(review): this is the only failure path here that uses err(3)
	 * instead of fatal() -- confirm that is intended.
	 */
	if (pledge("stdio unix recvfd sendfd", NULL) == -1)
		err(1, "pledge");

	event_dispatch();
	/* event_dispatch() returning is treated as a fatal condition. */
	fatalx("exited event loop");

	return (0);
}
/*
 * Fork the "dns engine" child process.
 *
 * In the parent this returns the child's pid.  The child closes
 * pipe_ntp[0], switches groups, gid and uid to the account in pw, pledges
 * "stdio dns", and then serves imsg requests arriving on pipe_ntp[1] from
 * its event loop.  A failure to fork, to drop privileges or to pledge is
 * fatal.
 */
pid_t
ypldap_dns(int pipe_ntp[2], struct passwd *pw)
{
	pid_t			 pid;
	struct event		 ev_sigint;
	struct event		 ev_sigterm;
	struct event		 ev_sighup;
	struct env		 env;

	switch (pid = fork()) {
	case -1:
		fatal("cannot fork");
		break;
	case 0:
		/* Child: continue below. */
		break;
	default:
		/* Parent: hand the child's pid back to the caller. */
		return (pid);
	}

	setproctitle("dns engine");
	close(pipe_ntp[0]);

	/*
	 * Groups first, then gid, then uid; real, effective and saved ids
	 * are all set to the same value.
	 */
	if (setgroups(1, &pw->pw_gid) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("can't drop privileges");
	endservent();

	/* From here on only basic I/O and DNS resolution are promised. */
	if (pledge("stdio dns", NULL) == -1)
		fatal("pledge");

	event_init();
	signal_set(&ev_sigint, SIGINT, dns_sig_handler, NULL);
	signal_set(&ev_sigterm, SIGTERM, dns_sig_handler, NULL);
	signal_set(&ev_sighup, SIGHUP, dns_sig_handler, NULL);
	signal_add(&ev_sigint, NULL);
	signal_add(&ev_sigterm, NULL);
	signal_add(&ev_sighup, NULL);

	if ((env.sc_iev = calloc(1, sizeof(*env.sc_iev))) == NULL)
		fatal(NULL);

	/* Read events on pipe_ntp[1] are dispatched to dns_dispatch_imsg. */
	env.sc_iev->events = EV_READ;
	env.sc_iev->data = &env;
	imsg_init(&env.sc_iev->ibuf, pipe_ntp[1]);
	env.sc_iev->handler = dns_dispatch_imsg;
	event_set(&env.sc_iev->ev, env.sc_iev->ibuf.fd, env.sc_iev->events,
	    env.sc_iev->handler, &env);
	event_add(&env.sc_iev->ev, NULL);

	event_dispatch();
	dns_shutdown();

	return (0);
}
/*
 * do_write - actually make the connection
 *
 * Opens the target terminal (_PATH_DEV followed by tty) for writing and
 * makes it the process's stdout, then sets real, effective and saved gid
 * to getgid() and pledges "stdio".  After that it prints a greeting and
 * copies stdin to the terminal line by line through wr_fputs().  Any
 * failure before the greeting is fatal via err(3).
 *
 * tty is the terminal name relative to _PATH_DEV, mytty is the sender's
 * terminal name shown in the greeting, myuid is the uid used for the
 * passwd lookup when getlogin() fails.
 */
void
do_write(char *tty, char *mytty, uid_t myuid)
{
	char *login, *nows;
	struct passwd *pwd;
	time_t now;
	char path[PATH_MAX], host[HOST_NAME_MAX+1], line[512];
	gid_t gid;
	int fd;

	/* Determine our login name before we reopen stdout */
	if ((login = getlogin()) == NULL) {
		if ((pwd = getpwuid(myuid)))
			login = pwd->pw_name;
		else
			login = "******";
	}

	/*
	 * NOTE(review): tty is appended to _PATH_DEV as given and the
	 * snprintf() result is not checked for truncation -- presumably tty
	 * is validated by the caller; confirm.
	 */
	(void)snprintf(path, sizeof(path), "%s%s", _PATH_DEV, tty);
	fd = open(path, O_WRONLY, 0666);
	if (fd == -1)
		err(1, "open %s", path);
	/* Flush pending output before stdout is redirected to the tty. */
	fflush(stdout);
	if (dup2(fd, STDOUT_FILENO) == -1)
		err(1, "dup2 %s", path);
	if (fd != STDOUT_FILENO)
		close(fd);

	/* revoke privs, now that we have opened the tty */
	gid = getgid();
	if (setresgid(gid, gid, gid) == -1)
		err(1, "setresgid");

	/*
	 * Unfortunately this is rather late - well after utmp
	 * parsing, then pinned by the tty open and setresgid
	 */
	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	(void)signal(SIGINT, done);
	(void)signal(SIGHUP, done);

	/* print greeting */
	if (gethostname(host, sizeof(host)) < 0)
		(void)strlcpy(host, "???", sizeof host);
	now = time(NULL);
	/* NOTE(review): the ctime() result is used without a NULL check. */
	nows = ctime(&now);
	/* Cut the string after the minutes; nows + 11 below starts at the hour. */
	nows[16] = '\0';
	(void)printf("\r\n\007\007\007Message from %s@%s on %s at %s ...\r\n",
	    login, host, mytty, nows + 11);

	while (fgets(line, sizeof(line), stdin) != NULL)
		wr_fputs(line);
}
/*
 * Program entry point.
 *
 * The process pledges "stdio rpath cpath" before it parses options.  With
 * one operand the link is made in "."; with two the second operand is the
 * link name; with more the last operand must be a directory and every
 * other operand is linked into it.  The exit status is the OR of the
 * linkit() results.
 */
int
main(int argc, char *argv[])
{
	struct stat st;
	char *sourcedir;
	int opt, status;

	if (pledge("stdio rpath cpath", NULL) == -1)
		err(1, "pledge");

	while ((opt = getopt(argc, argv, "fhLnPs")) != -1) {
		switch (opt) {
		case 'f':
			fflag = 1;
			break;
		case 'h':
		case 'n':
			hflag = 1;
			break;
		case 'L':
			Pflag = 0;
			break;
		case 'P':
			Pflag = 1;
			break;
		case 's':
			sflag = 1;
			break;
		default:
			usage();
		}
	}

	argv += optind;
	argc -= optind;

	switch (argc) {
	case 0:
		usage();
		/* No break here: control continues into case 1 if usage() returns. */
	case 1:					/* ln target */
		exit(linkit(argv[0], ".", 1));
	case 2:					/* ln target source */
		exit(linkit(argv[0], argv[1], 0));
	}

	/* ln target1 target2 directory */
	sourcedir = argv[argc - 1];
	if (stat(sourcedir, &st))
		err(1, "%s", sourcedir);
	if (!S_ISDIR(st.st_mode))
		usage();

	status = 0;
	while (*argv != sourcedir) {
		status |= linkit(*argv, sourcedir, 1);
		++argv;
	}
	exit(status);
}
/*
 * Confine the control process with pledge(2); a failure is fatal.
 */
void
control_run(struct privsep *ps, struct privsep_proc *p, void *arg)
{
	/*
	 * Promises kept by the control process:
	 * stdio - malloc and basic I/O including events.
	 * cpath - unlinking the control socket.
	 * unix  - the control socket itself.
	 */
	if (pledge("stdio cpath unix", NULL) != -1)
		return;

	fatal("pledge");
}
/**
 * \brief Restrict the process with pledge(2).
 *
 * Requests the promises "stdio rpath wpath cpath fattr unix dns bpf".
 * When the call fails, the return value and errno are logged and the
 * process exits with EXIT_FAILURE, so execution never continues without
 * the restriction in place.
 *
 * \retval 0 on success.
 */
int SCPledge(void)
{
    const int rc = pledge("stdio rpath wpath cpath fattr unix dns bpf", NULL);

    if (rc == 0) {
        return 0;
    }

    SCLogError(SC_ERR_PLEDGE_FAILED, "unable to pledge,"
            " check permissions!! ret=%i errno=%i", rc, errno);
    exit(EXIT_FAILURE);
}
/*
 * On OpenBSD, pledge the process to "stdio rpath" when the running release
 * supports it; on other systems this function does nothing.  A failed
 * pledge is fatal.
 *
 * NOTE(review): the check below fails open in two ways.  If uname() fails,
 * pledge is skipped without any message.  The release is compared as a
 * string over its first three characters, so a release string whose major
 * number has two digits would sort before "5.8" and also skip the pledge.
 * Parsing the major and minor numbers would avoid the second case.
 */
static void
initialize(void)
{
#ifdef __OpenBSD__
	struct utsname un;

	/* pledge(2) only works on 5.9 or higher */
	if (uname(&un) == -1)
		return;
	if (strncmp(un.release, "5.8", 3) <= 0)
		return;

	if (pledge("stdio rpath", NULL) == -1) {
		err(1, "pledge");
	}
#endif
}
/*
 * Print argv[1], or "y" when no argument was given, in an endless loop.
 * The process pledges "stdio" before producing any output.
 */
int
main(int argc, char *argv[])
{
	const char *line;

	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	line = (argc > 1) ? argv[1] : "y";
	for (;;)
		puts(line);
}
/*
 * Start the X server for display d if needed and run its session.
 *
 * Unless nofork_session is set, the session runs in a forked child; the
 * parent records the child's pid and marks the display as running.  The
 * session process calls pledge(2) after the server is reachable and
 * SetWindowPath() has run, directly before ManageSession().  If pledge
 * fails the process exits with OPENFAILED_DISPLAY instead of managing the
 * session unconfined.
 */
void
StartDisplay (struct display *d)
{
    pid_t	pid;

    Debug ("StartDisplay %s\n", d->name);
    LogInfo ("Starting X server on %s\n", d->name);
    LoadServerResources (d);
    if (d->authorize)
    {
	Debug ("SetLocalAuthorization %s, auth %s\n",
	       d->name, d->authNames[0]);
	SetLocalAuthorization (d);
    }
    /* A serverPid of -1 means the server still has to be started here. */
    if (d->serverPid == -1 && !StartServer (d))
    {
	LogError ("Server for display %s can't be started, session disabled\n", d->name);
	RemoveDisplay (d);
	return;
    }
    /* With nofork_session the session code runs in this process. */
    if (!nofork_session)
	pid = fork ();
    else
	pid = 0;
    switch (pid)
    {
    case 0:
	if (!nofork_session) {
	    CleanUpChild ();
	    (void) signal (SIGPIPE, SIG_IGN);
	}
	openlog("xenodm", LOG_PID, LOG_AUTHPRIV);
	LoadSessionResources (d);
	SetAuthorization (d);
	if (!WaitForServer (d))
	    exit (OPENFAILED_DISPLAY);
	SetWindowPath(d);
	/*
	 * The promise set is wide: it still includes proc, exec, prot_exec
	 * and id.  NOTE(review): presumably ManageSession() needs these to
	 * start the user's session -- confirm before narrowing.
	 */
	if (pledge("stdio rpath cpath wpath fattr flock proc dns inet unix exec prot_exec getpw id", NULL) != 0)
	    exit(OPENFAILED_DISPLAY);
	ManageSession (d);
	exit (REMANAGE_DISPLAY);
    case -1:
	/* NOTE(review): a failed fork() is neither logged nor reported here. */
	break;
    default:
	Debug ("pid: %d\n", pid);
	d->pid = pid;
	d->status = running;
	break;
    }
}
/*
 * Confine the ca process with pledge(2), then call ca_reset().  A pledge
 * failure is fatal, so ca_reset() only runs once the promises are in
 * effect.
 */
void
ca_run(struct privsep *ps, struct privsep_proc *p, void *arg)
{
	int rc;

	/*
	 * Promises kept by the ca process:
	 * stdio  - malloc and basic I/O including events.
	 * rpath  - certificate files.
	 * recvfd - ocsp sockets.
	 */
	rc = pledge("stdio rpath recvfd", NULL);
	if (rc == -1)
		fatal("pledge");

	ca_reset(ps, p, arg);
}
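/*
 * Drop root privileges and confine the process.
 *
 * Steps, in order: look up the user and the group named `username`,
 * chroot(2) to /var/empty and chdir(2) to "/", clear the supplementary
 * groups, switch gid and then uid, and finally pledge(2) "stdio unix".
 * The account lookups come first because they are made before the chroot.
 * Every step is checked and any failure ends the process through die(),
 * so the caller never continues with partially dropped privileges.
 *
 * username: name used for both the passwd and the group lookup.
 * NOTE(review): this assumes a group with the same name as the user
 * exists -- confirm for the deployment.
 */
void drop_permissions(const char* username) {
    struct passwd* passwd = getpwnam(username);
    if(passwd == NULL) {
        die("Failed to get user information");
    }

    struct group* group = getgrnam(username);
    if(group == NULL) {
        die("Failed to get group information");
    }

    if(chroot("/var/empty") != 0) {
        die("Failed to chroot");
    }

    /* Move the working directory inside the new root. */
    if(chdir("/") != 0) {
        die("Failed to chdir");
    }

    /* Supplementary groups and gid are changed while still privileged, uid last. */
    if(setgroups(0, NULL) == -1) {
        die("Failed to set supplementary groups");
    }

    if(setgid(group->gr_gid) == -1) {
        die("Failed to set group");
    }

    if(setuid(passwd->pw_uid) == -1) {
        die("Failed to set user");
    }

    /*
     * The result was previously ignored, which let the process keep
     * running without the restriction when pledge(2) failed.
     */
    if(pledge("stdio unix", NULL) == -1) {
        die("Failed to pledge");
    }
}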
/*
 * Program entry point.
 *
 * The process pledges "stdio rpath" first.  When no file operands are
 * given it narrows to "stdio" before processing standard input, since no
 * file has to be opened in that case.  A file that cannot be opened
 * produces a warning and processing continues with the next one.
 */
int
main(int argc, char *argv[])
{
	FILE *in;
	int opt;

	if (pledge("stdio rpath", NULL) == -1)
		err(1, "pledge");

	/* The option string is empty, so any option is a usage error. */
	while ((opt = getopt(argc, argv, "")) != -1) {
		(void) fprintf(stderr, "usage: unvis [file ...]\n");
		exit(1);
	}
	argc -= optind;
	argv += optind;

	if (*argv == NULL) {
		/* Standard input only: read access to paths is not needed. */
		if (pledge("stdio", NULL) == -1)
			err(1, "pledge");
		process(stdin, "<stdin>");
		exit(0);
	}

	for (; *argv != NULL; argv++) {
		in = fopen(*argv, "r");
		if (in == NULL) {
			warn("%s", *argv);
			continue;
		}
		process(in, *argv);
		fclose(in);
	}
	exit(0);
}
/*
 * Open the routing socket s on first use and then confine the process.
 *
 * If s is already open the function returns at once and does not pledge
 * again.  Otherwise it creates the PF_ROUTE raw socket, applies the
 * ROUTE_TABLEFILTER option with rdomain, and only then pledges
 * "stdio dns".  Each failure is fatal via err(3).
 */
void
getsocket(void)
{
	socklen_t optlen = sizeof(rdomain);

	if (s >= 0)
		return;

	if ((s = socket(PF_ROUTE, SOCK_RAW, 0)) < 0)
		err(1, "socket");

	if (setsockopt(s, PF_ROUTE, ROUTE_TABLEFILTER, &rdomain, optlen) < 0)
		err(1, "ROUTE_TABLEFILTER");

	/* The socket exists now, so the promises can be reduced. */
	if (pledge("stdio dns", NULL) == -1)
		err(1, "pledge");
}
/*
 * Turn the sandbox on.
 *
 * Once the sandbox is enabled it cannot be turned off again: a later call
 * returns true whatever `e` is.  When built with LIBC_HAVE_PLEDGE,
 * enabling also calls pledge(2) with "stdio rpath tty prot_exec".
 *
 * Returns the resulting enabled state, or false when the pledge call
 * failed.
 * NOTE(review): on a pledge failure `enabled` has already been set, so the
 * function returns false once, but the next call returns true without
 * retrying pledge -- confirm this is the intended state.
 */
R_API bool r_sandbox_enable (bool e) {
	if (enabled) {
		// A request to disable an active sandbox is silently ignored.
		return true;
	}
	enabled = e;
#if LIBC_HAVE_PLEDGE
	if (enabled) {
		if (pledge ("stdio rpath tty prot_exec", NULL) == -1) {
			eprintf ("sandbox: pledge call failed\n");
			return false;
		}
	}
#endif
	return enabled;
}