| field | value | date |
|---|---|---|
| author | Lasse Collin <lasse.collin@tukaani.org> | 2022-10-25 21:11:58 +0300 |
| committer | Lasse Collin <lasse.collin@tukaani.org> | 2022-10-25 21:30:48 +0300 |
| commit | 563288ea705e83ff5cb292adf794650c263bca1d (patch) | |
| tree | 4e44dd5f1842361d331db7564005700667a3af3c /src/xz/main.c | |
| parent | xz: Fix decompressor behavior if input uses an unsupported check type. (diff) | |
| download | xz-563288ea705e83ff5cb292adf794650c263bca1d.tar.xz | |
xz: Add support for OpenBSD's pledge() sandbox.
Diffstat (limited to 'src/xz/main.c')
-rw-r--r-- | src/xz/main.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/xz/main.c b/src/xz/main.c index ca8a4680..63e1780c 100644 --- a/src/xz/main.c +++ b/src/xz/main.c @@ -163,6 +163,19 @@ main(int argc, char **argv) // on the command line, thus this must be done before args_parse(). hardware_init(); +#ifdef HAVE_PLEDGE + // OpenBSD's pledge() sandbox + // + // Unconditionally enable sandboxing with fairly relaxed promises. + // This is still way better than having no sandbox at all. :-) + // More strict promises will be made later in file_io.c if possible. + // + // This is done only after the above initializations + // as the error message needs locale support. + if (pledge("stdio rpath wpath cpath fattr", "")) + message_fatal(_("Failed to enable the sandbox")); +#endif + // Parse the command line arguments and get an array of filenames. // This doesn't return if something is wrong with the command line // arguments. If there are no arguments, one filename ("-") is still |
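Review bot: the failure branch `message_fatal(_("Failed to enable the sandbox"));` discards errno, so a build whose promise string pledge(2) rejects (EINVAL) or whose kernel refuses the call (EPERM) dies with a message that cannot be distinguished from any other cause; appending `strerror(errno)` to the message, as the other fatal I/O errors in xz already do, would make the sandbox diagnosable without a debugger. Two smaller points in the same hunk: the comment should say why the execpromises argument is the empty string (no `exec` promise is in the set, so execve is already denied and the value only matters for a future change that adds it), and `if (pledge(...))` would read more clearly as an explicit `== -1` check since pledge(2) is documented to return 0 or -1 rather than a count. The promise set itself is justified by the comment: `rpath wpath cpath` are needed to open the input and create the output file, and `fattr` to copy ownership, mode and timestamps to the new file, with the narrowing left to file_io.c as the comment states.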