示例#1
0
文件: talk.c 项目: ajinkya93/OpenBSD 
int
main(int argc, char *argv[])
{
	if (pledge("stdio rpath inet dns getpw tty", NULL) == -1)
		err(1, "pledge");

	get_names(argc, argv);
	init_display();
	open_ctl();
	open_sockt();
	start_msgs();
	if (!check_local())
		invite_remote();
	end_msgs();
	set_edit_chars();

	if (his_machine_addr.s_addr == my_machine_addr.s_addr) {
		if (pledge("stdio tty", NULL) == -1)
			err(1, "pledge");
	} else {
		if (pledge("stdio inet tty", NULL) == -1)
			err(1, "pledge");
	}

	talk();
	return (0);
}
示例#2
0
文件: rm.c 项目: ajinkya93/OpenBSD 
/*
 * rm --
 *	This rm is different from historic rm's, but is expected to match
 *	POSIX 1003.2 behavior.  The most visible difference is that -f
 *	has two specific effects now, ignore non-existent files and force
 * 	file removal.
 */
int
main(int argc, char *argv[])
{
	int ch, rflag;

	setlocale(LC_ALL, "");

	Pflag = rflag = 0;
	while ((ch = getopt(argc, argv, "dfiPRr")) != -1)
		switch(ch) {
		case 'd':
			dflag = 1;
			break;
		case 'f':
			fflag = 1;
			iflag = 0;
			break;
		case 'i':
			fflag = 0;
			iflag = 1;
			break;
		case 'P':
			Pflag = 1;
			break;
		case 'R':
		case 'r':			/* Compatibility. */
			rflag = 1;
			break;
		default:
			usage();
		}
	argc -= optind;
	argv += optind;

	if (Pflag) {
		if (pledge("stdio rpath wpath cpath getpw", NULL) == -1)
			err(1, "pledge");
	} else {
		if (pledge("stdio rpath cpath getpw", NULL) == -1)
			err(1, "pledge");
	}

	if (argc < 1 && fflag == 0)
		usage();

	checkdot(argv);

	if (*argv) {
		stdin_ok = isatty(STDIN_FILENO);

		if (rflag)
			rm_tree(argv);
		else
			rm_file(argv);
	}

	exit(eval);
}
示例#3
0
/*
 * this section of code will drop all (OpenBSD) privileges including
 * those normally granted to all userland process (basic privileges). The
 * effect of this is that after running this code, the process will not able
 * to fork(), exec(), etc.  See pledge(2) for more information.
 */
void drop_privileges() {
    extern char *__progname;

    if (settings.socketpath != NULL) {
       if (pledge("stdio unix", NULL) == -1) {
          fprintf(stderr, "%s: pledge: %s\n", __progname, strerror(errno));
          exit(EXIT_FAILURE);
       }
    } else {
       if (pledge("stdio inet", NULL) == -1) {
          fprintf(stderr, "%s: pledge: %s\n", __progname, strerror(errno));
          exit(EXIT_FAILURE);
       }
     }
}
示例#4
0
文件: pr.c 项目: ajinkya93/OpenBSD 
int
main(int argc, char *argv[])
{
    int ret_val;

    if (pledge("stdio rpath", NULL) == -1) {
	perror("pledge");
	exit(1);
    }

    if (signal(SIGINT, SIG_IGN) != SIG_IGN)
	(void)signal(SIGINT, terminate);
    ret_val = setup(argc, argv);
    if (!ret_val) {
	/*
	 * select the output format based on options
	 */
	if (merge)
	    ret_val = mulfile(argc, argv);
	else if (clcnt == 1)
	    ret_val = onecol(argc, argv);
	else if (across)
	    ret_val = horzcol(argc, argv);
	else
	    ret_val = vertcol(argc, argv);
    } else
	usage();
    flsh_errs();
    if (errcnt || ret_val)
	exit(1);
    return(0);
}
示例#5
0
__dead void
irr_main(u_int32_t AS, int flags, char *outdir)
{
	char	*query;
	int	 r;

	if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1)
		err(1, "pledge");

	fprintf(stderr, "irrfilter for: %u, writing to %s\n", AS, outdir);

	irrflags = flags;
	irrverbose = 0;
	TAILQ_INIT(&router_head);

	/* send query for own AS, parse policy */
	if (asprintf(&query, "AS%u", AS) == -1)
		err(1, "parse_policy asprintf");
	if ((r = whois(query, QTYPE_OWNAS)) == -1)
		exit(1);
	if (r == 0)
		errx(1, "aut-num object %s not found", query);
	free(query);

	write_filters(outdir);

	exit(0);
}
示例#6
0
文件: bs.c 项目: a565109863/src 
int
main(int argc, char *argv[])
{
    if (pledge("stdio rpath tty", NULL) == -1)
        err(1, "pledge");

    do_options(argc, argv);

    intro();
    do {
	initgame();
	while(awinna() == -1)
	{
	    if (!blitz)
	    {
		if (!salvo)
		{
	    	    if(turn)
			(void) cputurn();
		    else
			(void) plyturn();
		}
		else  /* salvo */
		{
		    int i;

		    i = scount(turn);
		    while (i--)
		    {
			if (turn)
			{
			    if (cputurn() && awinna() != -1)
				i = 0;
			}
			else
			{
			    if (plyturn() && awinna() != -1)
				i = 0;
			}
		    }
		}
	    }
	    else  /* blitz */
	    	while(turn ? cputurn() : plyturn())
		{
		    if (turn)   /* Pause between successive computer shots */
		    {
			(void)refresh();
			(void)sleep(1);
		    }
		    if (awinna() != -1)
		     break;
		}
	    turn = OTHER;
	}
    } while
	(playagain());
    uninitgame(0);
    return 0;
}
示例#7
0
int
main(int argc, char *argv[])
{
	int ch;
	char *p;

	setlocale(LC_ALL, "");

	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	while ((ch = getopt(argc, argv, "")) != -1)
		switch (ch) {
		case '?':
		default:
			usage();
			/* NOTREACHED */
		}

	if (argc != optind) {
		usage();
		/* NOTREACHED */
	}

	if ((p = getlogin()) == NULL)
		err(1, NULL);
	(void)printf("%s\n", p);
	exit(0);
}
示例#8
0
int
main(int argc, char **argv)
{
	struct passwd *pw;
	struct skey key;
	char *name = NULL;
	int error, ch, verbose = 0;

	if (pledge("stdio rpath wpath flock getpw", NULL) == -1)
		err(1, "pledge");

	while ((ch = getopt(argc, argv, "v")) != -1)
		switch(ch) {
		case 'v':
			verbose = 1;
			break;
		default:
			usage();
	}
	argc -= optind;
	argv += optind;

	if (argc == 1)
		name = argv[0];
	else if (argc > 1)
		usage();

	if (name && getuid() != 0)
		errx(1, "only root may specify an alternate user");

	if (name) {
		if ((pw = getpwnam(name)) == NULL)
			errx(1, "no passwd entry for %s", name);
	} else {
		if ((pw = getpwuid(getuid())) == NULL)
			errx(1, "no passwd entry for uid %u", getuid());
	}

	if ((name = strdup(pw->pw_name)) == NULL)
		err(1, "cannot allocate memory");
	sevenbit(name);

	error = skeylookup(&key, name);
	switch (error) {
		case 0:		/* Success! */
			if (verbose)
				(void)printf("otp-%s ", skey_get_algorithm());
			(void)printf("%d %s\n", key.n - 1, key.seed);
			break;
		case -1:	/* File error */
			err(1, "cannot open %s/%s", _PATH_SKEYDIR, name);
			break;
		case 1:		/* Unknown user */
			errx(1, "%s is not listed in %s", name, _PATH_SKEYDIR);
			break;
	}
	(void)fclose(key.keyfile);

	exit(error ? 1 : 0);
}
示例#9
0
文件: expr.c 项目: radixo/openbsd-src 
int
main(int argc, char *argv[])
{
	struct val     *vp;

	(void) setlocale(LC_ALL, "");

	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	if (argc > 1 && !strcmp(argv[1], "--"))
		argv++;

	av = argv + 1;

	nexttoken(0);
	vp = eval0();

	if (token != EOI) {
		error();
		/* NOTREACHED */
	}

	if (vp->type == integer)
		printf("%d\n", vp->u.i);
	else
		printf("%s\n", vp->u.s);

	exit(is_zero_or_null(vp));
}
示例#10
0
int
main(int argc, char *argv[])
{
	int			 ch;
	struct parse_result	*result;

	while ((ch = getopt(argc, argv, "")) != -1)
		switch (ch) {
		default:
			usage();
			return (EXIT_FAILURE);
		}
	argc -= optind;
	argv += optind;

	if ((result = parse(argc, argv)) == NULL)
		return (EXIT_FAILURE);

	switch (result->action) {
	case NONE:
		break;
	case TEST:
		if (pledge("stdio dns inet", NULL) == -1)
			err(EXIT_FAILURE, "pledge");
		radius_test(result);
		break;
	}

	return (EXIT_SUCCESS);
}
示例#11
0
int
main(int argc, char *argv[])
{
	int ch, c, fd, ret = 1;
	struct stat sb;
	char *pr_form;
	time_t mtime;
	FILE *fp;

	if (pledge("stdio rpath wpath cpath tmppath getpw proc exec", NULL) == -1)
		err(1, "pledge");

	while ((ch = getopt(argc, argv, "DEP")) != -1)
		switch (ch) {
		case 'D':
			Dflag = 1;
			break;
		case 'E':
			debase();
			exit(0);
		case 'P':
			Pflag = 1;
			break;
		default:
			usage();
		}
	argc -= optind;
	argv += optind;

	if (argc > 0)
		usage();

	if (Pflag) {
		init();
示例#12
0
文件: main.c 项目: darksoul42/bitrig 
int
main(int argc, char *argv[])
{
	f = -1;

	if (pledge("stdio rpath wpath cpath dns inet", NULL) == -1)
		err(1, "pledge");

	/* set default transfer mode */
	strlcpy(mode, "netascii", sizeof(mode));

	/* set peer if given */
	if (argc > 1)
		parsearg(argc, argv);

	/* catch SIGINT */
	signal(SIGINT, intr);

	/* allocate memory for packets */
	if ((ackbuf = malloc(SEGSIZE_MAX + 4)) == NULL)
		err(1, "malloc");

	/* command prompt */
	command();

	return (0);
}
示例#13
0
文件: ac.c 项目: ajinkya93/OpenBSD 
int
main(int argc, char *argv[])
{
	FILE *fp;
	int c;

	if (pledge("stdio rpath", NULL) == -1)
		err(1, "pledge");

	fp = NULL;
	while ((c = getopt(argc, argv, "Ddpt:w:")) != -1) {
		switch (c) {
#ifdef DEBUG
		case 'D':
			Debug = 1;
			break;
#endif
		case 'd':
			Flags |= AC_D;
			break;
		case 'p':
			Flags |= AC_P;
			break;
		case 't':			/* only do specified ttys */
			add_tty(optarg);
			break;
		case 'w':
			fp = file(optarg);
			break;
		case '?':
		default:
			usage();
			break;
		}
	}
	if (optind < argc) {
		/*
		 * initialize user list
		 */
		for (; optind < argc; optind++) {
			Users = update_user(Users, argv[optind], 0L);
		}
		Flags |= AC_U;			/* freeze user list */
	}
	if (Flags & AC_D)
		Flags &= ~AC_P;
	if (fp == NULL) {
		/*
		 * if _PATH_WTMP does not exist, exit quietly
		 */
		if (access(_PATH_WTMP, 0) != 0 && errno == ENOENT)
			return 0;

		fp = file(_PATH_WTMP);
	}
	ac(fp);

	return 0;
}
示例#14
0
int
sandbox_after(void)
{

	switch (proccomp) {
	case (COMP_ACCOUNT):
	case (COMP_CERT):
	case (COMP_KEY):
	case (COMP_REVOKE):
	case (COMP__MAX):
		if (-1 == pledge("stdio", NULL)) {
			warn("pledge");
			return(0);
		}
		break;
	case (COMP_CHALLENGE):
		if (-1 == pledge("stdio cpath wpath", NULL)) {
			warn("pledge");
			return(0);
		}
		break;
	case (COMP_DNS):
		if (-1 == pledge("stdio dns", NULL)) {
			warn("pledge");
			return(0);
		}
		break;
	case (COMP_FILE):
		/* 
		 * Rpath and cpath for rename, wpath and cpath for
		 * writing to the temporary.
		 */
		if (-1 == pledge("stdio cpath wpath rpath", NULL)) {
			warn("pledge");
			return(0);
		}
		break;
	case (COMP_NET):
		if (-1 == pledge("stdio inet", NULL)) {
			warn("pledge");
			return(0);
		}
		break;
	}
	return(1);
}
示例#15
0
int
main(void)
{
	if (-1 == pledge("stdio", NULL)) {
		perror("pledge");
		return(1);
	}
	return(0);
}
示例#16
0
int
errstr_main(int argc, char **argv)
{
	unsigned long ulval;
	char *ularg, *ep;
	int argsused, i;
	char buf[256];
	int ret = 0;

	if (single_execution) {
		if (pledge("stdio rpath", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
	}

	memset(&errstr_config, 0, sizeof(errstr_config));

	if (options_parse(argc, argv, errstr_options, NULL, &argsused) != 0) {
		errstr_usage();
		return (1);
	}

	if (errstr_config.stats) {
		BIO *out;

		if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) {
			fprintf(stderr, "Out of memory");
			return (1);
		}

		lh_ERR_STRING_DATA_node_stats_bio(ERR_get_string_table(), out);
		lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), out);
		lh_ERR_STRING_DATA_node_usage_stats_bio(
			    ERR_get_string_table(), out);

		BIO_free_all(out);
	}

	for (i = argsused; i < argc; i++) {
		errno = 0;
		ularg = argv[i];
		ulval = strtoul(ularg, &ep, 16);
		if (strchr(ularg, '-') != NULL ||
		    (ularg[0] == '\0' || *ep != '\0') ||
		    (errno == ERANGE && ulval == ULONG_MAX)) {
			printf("%s: bad error code\n", ularg);
			ret++;
			continue;
		}

		ERR_error_string_n(ulval, buf, sizeof(buf));
		printf("%s\n", buf);
	}

	return (ret);
}
示例#17
0
int
control(void)
{
	struct passwd		*pw;

	purge_config(PURGE_EVERYTHING);

	if ((pw = getpwnam(SMTPD_USER)) == NULL)
		fatalx("unknown user " SMTPD_USER);

	stat_backend = env->sc_stat;
	stat_backend->init();

	if (chroot(PATH_CHROOT) == -1)
		fatal("control: chroot");
	if (chdir("/") == -1)
		fatal("control: chdir(\"/\")");

	config_process(PROC_CONTROL);

	if (setgroups(1, &pw->pw_gid) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("control: cannot drop privileges");

	imsg_callback = control_imsg;
	event_init();

	signal(SIGINT, SIG_IGN);
	signal(SIGTERM, SIG_IGN);
	signal(SIGPIPE, SIG_IGN);
	signal(SIGHUP, SIG_IGN);

	tree_init(&ctl_conns);
	tree_init(&ctl_count);

	memset(&digest, 0, sizeof digest);
	digest.startup = time(NULL);

	config_peer(PROC_SCHEDULER);
	config_peer(PROC_QUEUE);
	config_peer(PROC_PARENT);
	config_peer(PROC_LKA);
	config_peer(PROC_PONY);
	config_peer(PROC_CA);

	control_listen();

	if (pledge("stdio unix recvfd sendfd", NULL) == -1)
		err(1, "pledge");

	event_dispatch();
	fatalx("exited event loop");

	return (0);
}
示例#18
0
pid_t
ypldap_dns(int pipe_ntp[2], struct passwd *pw)
{
	pid_t			 pid;
	struct event	 ev_sigint;
	struct event	 ev_sigterm;
	struct event	 ev_sighup;
	struct env	 env;

	switch (pid = fork()) {
	case -1:
		fatal("cannot fork");
		break;
	case 0:
		break;
	default:
		return (pid);
	}

	setproctitle("dns engine");
	close(pipe_ntp[0]);

	if (setgroups(1, &pw->pw_gid) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("can't drop privileges");
	endservent();

	if (pledge("stdio dns", NULL) == -1)
		fatal("pledge");

	event_init();
	signal_set(&ev_sigint, SIGINT, dns_sig_handler, NULL);
	signal_set(&ev_sigterm, SIGTERM, dns_sig_handler, NULL);
	signal_set(&ev_sighup, SIGHUP, dns_sig_handler, NULL);
	signal_add(&ev_sigint, NULL);
	signal_add(&ev_sigterm, NULL);
	signal_add(&ev_sighup, NULL);

	if ((env.sc_iev = calloc(1, sizeof(*env.sc_iev))) == NULL)
		fatal(NULL);

	env.sc_iev->events = EV_READ;
	env.sc_iev->data = &env;
	imsg_init(&env.sc_iev->ibuf, pipe_ntp[1]);
	env.sc_iev->handler = dns_dispatch_imsg;
	event_set(&env.sc_iev->ev, env.sc_iev->ibuf.fd, env.sc_iev->events,
	    env.sc_iev->handler, &env);
	event_add(&env.sc_iev->ev, NULL);

	event_dispatch();
	dns_shutdown();

	return (0);
}
示例#19
0
文件: write.c 项目: ajinkya93/OpenBSD 
/*
 * do_write - actually make the connection
 */
void
do_write(char *tty, char *mytty, uid_t myuid)
{
	char *login, *nows;
	struct passwd *pwd;
	time_t now;
	char path[PATH_MAX], host[HOST_NAME_MAX+1], line[512];
	gid_t gid;
	int fd;

	/* Determine our login name before the we reopen() stdout */
	if ((login = getlogin()) == NULL) {
		if ((pwd = getpwuid(myuid)))
			login = pwd->pw_name;
		else
			login = "******";
	}

	(void)snprintf(path, sizeof(path), "%s%s", _PATH_DEV, tty);
	fd = open(path, O_WRONLY, 0666);
	if (fd == -1)
		err(1, "open %s", path);
	fflush(stdout);
	if (dup2(fd, STDOUT_FILENO) == -1)
		err(1, "dup2 %s", path);
	if (fd != STDOUT_FILENO)
		close(fd);

	/* revoke privs, now that we have opened the tty */
	gid = getgid();
	if (setresgid(gid, gid, gid) == -1)
		err(1, "setresgid");

	/*
	 * Unfortunately this is rather late - well after utmp
	 * parsing, then pinned by the tty open and setresgid
	 */
	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	(void)signal(SIGINT, done);
	(void)signal(SIGHUP, done);

	/* print greeting */
	if (gethostname(host, sizeof(host)) < 0)
		(void)strlcpy(host, "???", sizeof host);
	now = time(NULL);
	nows = ctime(&now);
	nows[16] = '\0';
	(void)printf("\r\n\007\007\007Message from %s@%s on %s at %s ...\r\n",
	    login, host, mytty, nows + 11);

	while (fgets(line, sizeof(line), stdin) != NULL)
		wr_fputs(line);
}
示例#20
0
文件: ln.c 项目: Open343/bitrig 
int
main(int argc, char *argv[])
{
	struct stat sb;
	int ch, exitval;
	char *sourcedir;

	if (pledge("stdio rpath cpath", NULL) == -1)
		err(1, "pledge");

	while ((ch = getopt(argc, argv, "fhLnPs")) != -1)
		switch (ch) {
		case 'f':
			fflag = 1;
			break;
		case 'h':
		case 'n':
			hflag = 1;
			break;
		case 'L':
			Pflag = 0;
			break;
		case 'P':
			Pflag = 1;
			break;
		case 's':
			sflag = 1;
			break;
		default:
			usage();
		}

	argv += optind;
	argc -= optind;

	switch(argc) {
	case 0:
		usage();
	case 1:				/* ln target */
		exit(linkit(argv[0], ".", 1));
	case 2:				/* ln target source */
		exit(linkit(argv[0], argv[1], 0));
	}
					/* ln target1 target2 directory */
	sourcedir = argv[argc - 1];
	if (stat(sourcedir, &sb))
		err(1, "%s", sourcedir);
	if (!S_ISDIR(sb.st_mode))
		usage();
	for (exitval = 0; *argv != sourcedir; ++argv)
		exitval |= linkit(*argv, sourcedir, 1);
	exit(exitval);
}
示例#21
0
文件: control.c 项目: xcllnt/openiked 
void
control_run(struct privsep *ps, struct privsep_proc *p, void *arg)
{
	/*
	 * pledge in the control process:
 	 * stdio - for malloc and basic I/O including events.
	 * cpath - for unlinking the control socket.
	 * unix - for the control socket.
	 */
	if (pledge("stdio cpath unix", NULL) == -1)
		fatal("pledge");
}
示例#22
0
int SCPledge(void)
{
    int ret = pledge("stdio rpath wpath cpath fattr unix dns bpf", NULL);

    if (ret != 0) {
        SCLogError(SC_ERR_PLEDGE_FAILED, "unable to pledge,"
                " check permissions!! ret=%i errno=%i", ret, errno);
        exit(EXIT_FAILURE);
    }

    return 0;
}
示例#23
0
static void initialize(void) {
#ifdef __OpenBSD__
    /* pledge(2) only works on 5.9 or higher */
    struct utsname name;

    if (uname(&name) != -1 && strncmp(name.release, "5.8", 3) > 0) {
        if (pledge("stdio rpath", NULL) == -1) {
            err(1, "pledge");
        }
    }

#endif
}
示例#24
0
文件: yes.c 项目: ajinkya93/OpenBSD 
int
main(int argc, char *argv[])
{
	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	if (argc > 1)
		for (;;)
			puts(argv[1]);
	else
		for (;;)
			puts("y");
}
示例#25
0
void
StartDisplay (struct display *d)
{
    pid_t	pid;

    Debug ("StartDisplay %s\n", d->name);
    LogInfo ("Starting X server on %s\n", d->name);
    LoadServerResources (d);
    if (d->authorize)
    {
        Debug ("SetLocalAuthorization %s, auth %s\n",
               d->name, d->authNames[0]);
        SetLocalAuthorization (d);
    }
    if (d->serverPid == -1 && !StartServer (d))
    {
        LogError ("Server for display %s can't be started, session disabled\n", d->name);
        RemoveDisplay (d);
        return;
    }
    if (!nofork_session)
	pid = fork ();
    else
	pid = 0;
    switch (pid)
    {
    case 0:
	if (!nofork_session) {
	    CleanUpChild ();
	    (void) signal (SIGPIPE, SIG_IGN);
	}
	openlog("xenodm", LOG_PID, LOG_AUTHPRIV);
	LoadSessionResources (d);
	SetAuthorization (d);
	if (!WaitForServer (d))
	    exit (OPENFAILED_DISPLAY);
	SetWindowPath(d);
	if (pledge("stdio rpath cpath wpath fattr flock proc dns inet unix exec prot_exec getpw id", NULL) != 0)
	    exit(OPENFAILED_DISPLAY);
	ManageSession (d);
	exit (REMANAGE_DISPLAY);
    case -1:
	break;
    default:
	Debug ("pid: %d\n", pid);
	d->pid = pid;
	d->status = running;
	break;
    }
}
示例#26
0
文件: ca.c 项目: ajinkya93/OpenBSD 
void
ca_run(struct privsep *ps, struct privsep_proc *p, void *arg)
{
	/*
	 * pledge in the ca process:
	 * stdio - for malloc and basic I/O including events.
	 * rpath - for certificate files.
	 * recvfd - for ocsp sockets.
	 */
	if (pledge("stdio rpath recvfd", NULL) == -1)
		fatal("pledge");

	ca_reset(ps, p, arg);
}
示例#27
0
文件: networkd.c 项目: i80and/network 
void drop_permissions(const char* username) {
    struct passwd* passwd = getpwnam(username);
    if(passwd == NULL) { die("Failed to get user information"); }
    struct group* group = getgrnam(username);
    if(group == NULL) { die("Failed to get group information"); }

    if(chroot("/var/empty") != 0) { die("Failed to chroot"); }
    if(chdir("/") != 0) { die("Failed to chdir"); }

    if(setgroups(0, NULL) == -1) { die("Failed to set supplementary groups"); }
    if(setgid(group->gr_gid) == -1) { die("Failed to set group"); }
    if(setuid(passwd->pw_uid) == -1) { die("Failed to set user"); }

    pledge("stdio unix", NULL);
}
示例#28
0
文件: unvis.c 项目: ajinkya93/OpenBSD 
int
main(int argc, char *argv[])
{
	FILE *fp;
	int ch;

	if (pledge("stdio rpath", NULL) == -1)
		err(1, "pledge");

	while ((ch = getopt(argc, argv, "")) != -1)
		switch(ch) {
		case '?':
		default:
			(void) fprintf(stderr, "usage: unvis [file ...]\n");
			exit(1);
		}
	argc -= optind;
	argv += optind;

	if (*argv)
		while (*argv) {
			if ((fp=fopen(*argv, "r")) != NULL) {
				process(fp, *argv);
				fclose(fp);
			} else
				warn("%s", *argv);
			argv++;
		}
	else {
		if (pledge("stdio", NULL) == -1)
			err(1, "pledge");

		process(stdin, "<stdin>");
	}
	exit(0);
}
示例#29
0
文件: arp.c 项目: darksoul42/bitrig 
void
getsocket(void)
{
	socklen_t len = sizeof(rdomain);

	if (s >= 0)
		return;
	s = socket(PF_ROUTE, SOCK_RAW, 0);
	if (s < 0)
		err(1, "socket");
	if (setsockopt(s, PF_ROUTE, ROUTE_TABLEFILTER, &rdomain, len) < 0)
		err(1, "ROUTE_TABLEFILTER");

	if (pledge("stdio dns", NULL) == -1)
		err(1, "pledge");
}
示例#30
0
文件: sandbox.c 项目: jduck/radare2 
R_API bool r_sandbox_enable (bool e) {
	if (enabled) {
		if (!e) {
			// eprintf ("Cant disable sandbox\n");
		}
		return true;
	}
	enabled = e;
#if LIBC_HAVE_PLEDGE
	if (enabled && pledge ("stdio rpath tty prot_exec", NULL) == -1) {
		eprintf ("sandbox: pledge call failed\n");
		return false;
	}
#endif
	return enabled;
}