Hoist control socket handling, restrict runtime on OpenBSD

Use pledge(2) to prevent fork/exec, filesystem access and other unused subsets of system calls, effectively leaving only shared memory and networking capabilities at runtime. (Those might be further reduced, but that warrants further analysis and most likely more code shuffling.)
mikebrady · Jan 27, 2024 · 6e5f694 · 6e5f694
1 parent 4586bb0
commit 6e5f694
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/nqptp.c b/nqptp.c
@@ -131,6 +131,11 @@ void termHandler(__attribute__((unused)) int k) {
 }
 
 int main(int argc, char **argv) {
+#ifdef CONFIG_FOR_OPENBSD
+  if (pledge("stdio rpath tmppath inet dns id", NULL) == -1) {
+    die("pledge: %s", strerror(errno));
+  }
+#endif
 
   int debug_level = 0;
   int i;
@@ -215,6 +220,10 @@ int main(int argc, char **argv) {
       setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
     die("cannot drop privileges to %s", shairport_user);
   }
+
+  if (pledge("stdio tmppath inet dns", NULL) == -1) {
+    die("pledge: %s", strerror(errno));
+  }
 #endif
 
   // open the SMI