xz: Add support for OpenBSD's pledge() sandbox.

author: Lasse Collin <lasse.collin@tukaani.org> 2022-10-25 21:11:58 +0300
committer: Lasse Collin <lasse.collin@tukaani.org> 2022-10-25 21:30:48 +0300
commit: 563288ea705e83ff5cb292adf794650c263bca1d (patch)
tree: 4e44dd5f1842361d331db7564005700667a3af3c /src/xz/file_io.c
parent: xz: Fix decompressor behavior if input uses an unsupported check type. (diff)
download: xz-563288ea705e83ff5cb292adf794650c263bca1d.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index 046ca7e3..61857029 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -212,6 +212,17 @@ io_sandbox_enter(int src_fd)
 	if (cap_enter())
 		goto error;
 
+#elif defined(HAVE_PLEDGE)
+	// pledge() was introduced in OpenBSD 5.9.
+	//
+	// main() unconditionally calls pledge() with fairly relaxed
+	// promises which work in all situations. Here we make the
+	// sandbox more strict.
+	if (pledge("stdio", ""))
+		goto error;
+
+	(void)src_fd;
+
 #else
 #	error ENABLE_SANDBOX is defined but no sandboxing method was found.
 #endif
author	Lasse Collin <lasse.collin@tukaani.org>	2022-10-25 21:11:58 +0300
committer	Lasse Collin <lasse.collin@tukaani.org>	2022-10-25 21:30:48 +0300
commit	563288ea705e83ff5cb292adf794650c263bca1d (patch)
tree	4e44dd5f1842361d331db7564005700667a3af3c /src/xz/file_io.c
parent	xz: Fix decompressor behavior if input uses an unsupported check type. (diff)
download	xz-563288ea705e83ff5cb292adf794650c263bca1d.tar.xz