unveil(2) the few paths unless commands are run
In case nothing is to be executed at runtime, lock down filesystem access
down to
- write/create metadata pipe/cache
- read/write D-Bus socket
- read glib2 locales

If D-Bus setup were to happen earlier, we'd be able to ignore that
entirely (socket already opened) at this point and, iff metadata is off,
drop "wpath" as well, i.e. run with nothing but read-only locales.
klemensn committed Feb 1, 2024
1 parent 24b30fa commit 0372801
Showing 1 changed file with 37 additions and 6 deletions.
43 changes: 37 additions & 6 deletions shairport.c
Expand Up @@ -1931,7 +1931,7 @@ void _display_config(const char *filename, const int linenumber, __attribute__((
int main(int argc, char **argv) {
#ifdef COMPILE_FOR_OPENBSD
/* Start with the superset of all potentially required promises. */
if (pledge("stdio rpath wpath cpath dpath inet unix dns proc exec audio", NULL) == -1)
if (pledge("stdio rpath wpath cpath dpath inet unix dns proc exec unveil audio", NULL) == -1)
die("pledge");
#endif

Expand Down Expand Up @@ -2122,7 +2122,7 @@ int main(int argc, char **argv) {
# else
if (!run_cmds)
#endif
if (pledge("stdio rpath wpath cpath dpath inet unix dns audio", NULL) == -1)
if (pledge("stdio rpath wpath cpath dpath inet unix dns unveil audio", NULL) == -1)
die("pledge");
#endif

Expand Down Expand Up @@ -2262,7 +2262,7 @@ int main(int argc, char **argv) {
# ifdef COMPILE_FOR_OPENBSD
/* Drop "proc exec", if possible. */
if (!run_cmds)
if (pledge("stdio rpath wpath cpath dpath inet unix dns audio", NULL) == -1)
if (pledge("stdio rpath wpath cpath dpath inet unix dns unveil audio", NULL) == -1)
die("pledge");
# endif

Expand Down Expand Up @@ -2392,19 +2392,50 @@ int main(int argc, char **argv) {
if (run_cmds) {
/* Do not bother with "*path" as long as "proc exec" can do everything. */
} else {
/*
* unveil(2) TODO:
* - assume system D-Bus, hoist setup/defer unveil
* - glib2 locale (not critical!)
* - MQTT?
*/
# if defined(CONFIG_DBUS_INTERFACE) || defined(CONFIG_MPRIS_INTERFACE)
if (unveil("/var/run/dbus/system_bus_socket", "rw") == -1)
die("unveil D-Bus");
# endif
if (unveil("/usr/local/share/locale", "r") == -1)
die("unveil locale");

/*
* Only coverart cache is created/written.
* Only metadata pipe is special.
*/
int need_cpath_dpath = 0;
# ifdef CONFIG_METADATA
if (config.metadata_enabled)
if (config.metadata_enabled) {
need_cpath_dpath = 1;
# ifdef CONFIG_METADATA_HUB
int do_cache =
config.cover_art_cache_dir != NULL &&
config.cover_art_cache_dir[0] != '\0';

if (do_cache)
if (unveil(config.cover_art_cache_dir, "wc") == -1)
die("unveil %s", config.cover_art_cache_dir);
# endif
if (unveil(config.metadata_pipename, "wc") == -1)
die("unveil %s", config.metadata_pipename);
}
# endif
/* Drop "cpath dpath". */
if (!need_cpath_dpath)

/* Drop "unveil". */
if (need_cpath_dpath) {
if (pledge("stdio rpath wpath cpath dpath inet unix dns audio", NULL) == -1)
die("pledge");
} else {
/* Drop "cpath dpath". */
if (pledge("stdio rpath wpath inet unix dns audio", NULL) == -1)
die("pledge");
}
}
#endif
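Review bot: When `run_cmds` is set, the empty `if (run_cmds) { }` branch leaves the process with the promise set from the very first pledge(2) call, so the "unveil" promise added there is retained for the whole run even though no unveil(2) is ever issued on that path; adding `if (pledge("stdio rpath wpath cpath dpath inet unix dns proc exec audio", NULL) == -1) die("pledge");` inside that branch would drop it and keep both paths symmetric. The literal `/var/run/dbus/system_bus_socket` and `/usr/local/share/locale` are port/prefix specific and the session bus is not covered; a one-line comment such as `/* OpenBSD ports prefix; system bus only, see TODO above. */` would spare the next reader a search. It is also worth confirming that the audio backend has already opened its device or sndio socket by this point in main(), because once the first unveil() call takes effect any open(2)/connect(2) on a path outside the unveiled set fails, and the hunk does not show where backend initialisation happens. The enclosing main() begins and ends outside the hunk.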
