mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-23 13:52:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Improve pledge() and unveil()

Browse source 
The pledge.com command now supports the new [WIP] unveil() support. For
example, to strongly sandbox our command for listing directories.

    o//tool/build/assimilate.com o//examples/ls.com
    pledge.com -v /etc -p 'stdio rpath' o//examples/ls.com /etc

This file system sandboxing is going to be perfect for us, because APE
binaries are self-contained static executables that really don't use the
filesystem that much. On the other hand, with non-static executables,
sandboxing is going to be more difficult. For example, here's how to
sandbox the `ls` command on the latest Alpine:

    pledge.com -v rx:/lib -v /usr/lib -v /etc -p 'stdio rpath exec' ls /etc

This change fixes the `execpromises` API with pledge().

This change also adds unix.unveil() to redbean.

Fixes #494
This commit is contained in:
Justine Tunney 2022-07-18 07:23:15 -07:00
parent b1d9d11be1
commit e81edf7b04
19 changed files with 535 additions and 150 deletions
Download patch file Download diff file Expand all files Collapse all files

15
third_party/lua/lunix.c vendored
View file

@ -1382,12 +1382,22 @@ static int LuaUnixSiocgifconf(lua_State *L) {
return 1;
}
// sandbox.pledge([promises:str])
// sandbox.pledge([promises:str[, execpromises:str]])
// ├─→ true
// └─→ nil, unix.Errno
static int LuaUnixPledge(lua_State *L) {
int olderr = errno;
return SysretBool(L, "pledge", olderr, pledge(luaL_checkstring(L, 1), 0));
return SysretBool(L, "pledge", olderr,
pledge(luaL_checkstring(L, 1), luaL_optstring(L, 2, 0)));
}
// sandbox.unveil(path:str, permissions:str)
// ├─→ true
// └─→ nil, unix.Errno
static int LuaUnixUnveil(lua_State *L) {
int olderr = errno;
return SysretBool(L, "unveil", olderr,
unveil(luaL_checkstring(L, 1), luaL_checkstring(L, 2)));
}
// unix.gethostname()
@ -2636,6 +2646,7 @@ static const luaL_Reg kLuaUnix[] = {
{"truncate", LuaUnixTruncate}, // shrink or extend file medium
{"umask", LuaUnixUmask}, // set default file mask
{"unlink", LuaUnixUnlink}, // remove file
{"unveil", LuaUnixUnveil}, // filesystem sandboxing
{"utimensat", LuaUnixUtimensat}, // change access/modified time
{"wait", LuaUnixWait}, // wait for child to change status
{"write", LuaUnixWrite}, // write to file or socket