From: Klemens Nanni
Date: Sat, 27 Jan 2024 05:44:35 +0000 (+0100)
Subject: Hoist control socket handling, restrict runtime on OpenBSD
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e5f6943f8d3bdd86ed190d34e4f7b1028a1b005;p=thirdparty%2Fnqptp.git

Hoist control socket handling, restrict runtime on OpenBSD

Use pledge(2) to prevent fork/exec, filesystem access and other unused subsets of system calls, effectively leaving only shared memory and networking capabilities at runtime. (Those might be further reduced, but that warrants further analysis and most likely more code shuffling.)
---

diff --git a/nqptp.c b/nqptp.c
index 88cf939..73b0d66 100644
--- a/nqptp.c
+++ b/nqptp.c
@@ -131,6 +131,11 @@ void termHandler(__attribute__((unused)) int k) {
 }
 int main(int argc, char **argv) {
+#ifdef CONFIG_FOR_OPENBSD
+  if (pledge("stdio rpath tmppath inet dns id", NULL) == -1) {
+    die("pledge: %s", strerror(errno));
+  }
+#endif
   int debug_level = 0;
   int i;
@@ -215,6 +220,10 @@ int main(int argc, char **argv) {
       setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
     die("cannot drop privileges to %s", shairport_user);
   }
+
+  if (pledge("stdio tmppath inet dns", NULL) == -1) {
+    die("pledge: %s", strerror(errno));
+  }
 #endif
   // open the SMI
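Review bot: The promise list `"stdio rpath tmppath inet dns id"` on the first pledge() call is not explained anywhere, and because a pledge(2) violation terminates the process instead of failing the offending call, a later reader trimming the list has no way to see which promise backs which call in main(). A one-line comment above the `#ifdef` mapping promises to their consumers would make the restriction reviewable, e.g. `/* pledge(2): rpath+id are needed only for the user lookup and setresuid() before the narrower second pledge; tmppath/inet/dns cover shared memory and networking. */` — the user-lookup part is inferred from `pw->pw_uid` in the second hunk and should be confirmed against the code between the hunks. Since this call sits before option parsing, any option that forks, daemonizes or writes a file outside this set would now be killed at runtime rather than rejected; worth checking the paths between the two hunks. The same documentation point applies to the second pledge() call in the next hunk. main() continues past the end of this hunk.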
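Review bot: The `#endif` closing this block belongs to a conditional whose `#if` line is outside the hunk, and pledge() exists only on OpenBSD, so it should be confirmed that the enclosing guard is `CONFIG_FOR_OPENBSD` (or the new call wrapped in its own `#ifdef CONFIG_FOR_OPENBSD`), otherwise the build breaks on every other platform. Both pledge failures also emit the identical text `pledge: %s`, which makes it impossible to tell from a log which of the two calls refused the promises; `die("pledge after privilege drop: %s", strerror(errno));` would disambiguate this one. The narrowed set `stdio tmppath inet dns` correctly drops `rpath` and `id` once setresuid() has succeeded. main() continues outside the hunk.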