Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unix: use libc stubs for OpenBSD pledge+unveil #146

Closed
wants to merge 4 commits into from
Closed

unix: use libc stubs for OpenBSD pledge+unveil #146

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
504bf5b
unix: use libc stubs for OpenBSD pledge+unveil
jrick Nov 2, 2023
56eca24
regenerate syscalls for all openbsd ports
jrick Nov 2, 2023
6607d46
remove now unnecessary comment about openbsd <=6.3
jrick Nov 2, 2023
ebc0461
whack more useless comments
jrick Nov 2, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
40 changes: 7 additions & 33 deletions unix/pledge_openbsd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ import (
"errors"
"fmt"
"strconv"
"syscall"
"unsafe"
)

// Pledge implements the pledge syscall.
Expand All @@ -24,23 +22,17 @@ func Pledge(promises, execpromises string) error {
return err
}

pptr, err := syscall.BytePtrFromString(promises)
pptr, err := BytePtrFromString(promises)
if err != nil {
return err
}

exptr, err := syscall.BytePtrFromString(execpromises)
exptr, err := BytePtrFromString(execpromises)
if err != nil {
return err
}

_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)),
uintptr(unsafe.Pointer(exptr)), 0)
if e != 0 {
return e
}

return nil
return pledge(pptr, exptr)
}

// PledgePromises implements the pledge syscall.
Expand All @@ -53,21 +45,12 @@ func PledgePromises(promises string) error {
return err
}

// This variable holds the execpromises and is always nil.
var expr unsafe.Pointer

pptr, err := syscall.BytePtrFromString(promises)
pptr, err := BytePtrFromString(promises)
if err != nil {
return err
}

_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)),
uintptr(expr), 0)
if e != 0 {
return e
}

return nil
return pledge(pptr, nil)
}

// PledgeExecpromises implements the pledge syscall.
Expand All @@ -80,21 +63,12 @@ func PledgeExecpromises(execpromises string) error {
return err
}

// This variable holds the promises and is always nil.
var pptr unsafe.Pointer

exptr, err := syscall.BytePtrFromString(execpromises)
exptr, err := BytePtrFromString(execpromises)
if err != nil {
return err
}

_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr),
uintptr(unsafe.Pointer(exptr)), 0)
if e != 0 {
return e
}

return nil
return pledge(nil, exptr)
}

// majmin returns major and minor version number for an OpenBSD system.
Expand Down
2 changes: 2 additions & 0 deletions unix/syscall_openbsd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -327,3 +327,5 @@ func Uname(uname *Utsname) error {
//sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
//sys munmap(addr uintptr, length uintptr) (err error)
//sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
//sys pledge(promises *byte, execpromises *byte) (err error)
//sys unveil(path *byte, flags *byte) (err error)
24 changes: 5 additions & 19 deletions unix/unveil_openbsd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,7 @@

package unix

import (
"fmt"
"syscall"
"unsafe"
)
import "fmt"

// Unveil implements the unveil syscall.
// For more information see unveil(2).
Expand All @@ -18,19 +14,15 @@ func Unveil(path string, flags string) error {
if err := supportsUnveil(); err != nil {
return err
}
pathPtr, err := syscall.BytePtrFromString(path)
pathPtr, err := BytePtrFromString(path)
if err != nil {
return err
}
flagsPtr, err := syscall.BytePtrFromString(flags)
flagsPtr, err := BytePtrFromString(flags)
if err != nil {
return err
}
_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
if e != 0 {
return e
}
return nil
return unveil(pathPtr, flagsPtr)
}

// UnveilBlock blocks future unveil calls.
Expand All @@ -39,13 +31,7 @@ func UnveilBlock() error {
if err := supportsUnveil(); err != nil {
return err
}
// Both pointers must be nil.
var pathUnsafe, flagsUnsafe unsafe.Pointer
_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
if e != 0 {
return e
}
return nil
return unveil(nil, nil)
}

// supportsUnveil checks for availability of the unveil(2) system call based
Expand Down
30 changes: 30 additions & 0 deletions unix/zsyscall_openbsd_386.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 10 additions & 0 deletions unix/zsyscall_openbsd_386.s
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_utimensat(SB)
GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4
DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)

TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_pledge(SB)
GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4
DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)

TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_unveil(SB)
GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4
DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
30 changes: 30 additions & 0 deletions unix/zsyscall_openbsd_amd64.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 10 additions & 0 deletions unix/zsyscall_openbsd_amd64.s
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_utimensat(SB)
GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8
DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)

TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_pledge(SB)
GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8
DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)

TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_unveil(SB)
GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8
DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
30 changes: 30 additions & 0 deletions unix/zsyscall_openbsd_arm.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 10 additions & 0 deletions unix/zsyscall_openbsd_arm.s
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_utimensat(SB)
GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4
DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)

TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_pledge(SB)
GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4
DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)

TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_unveil(SB)
GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4
DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
30 changes: 30 additions & 0 deletions unix/zsyscall_openbsd_arm64.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 10 additions & 0 deletions unix/zsyscall_openbsd_arm64.s
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_utimensat(SB)
GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8
DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)

TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_pledge(SB)
GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8
DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)

TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_unveil(SB)
GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8
DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
30 changes: 30 additions & 0 deletions unix/zsyscall_openbsd_mips64.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 10 additions & 0 deletions unix/zsyscall_openbsd_mips64.s
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_utimensat(SB)
GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8
DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)

TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_pledge(SB)
GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8
DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)

TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_unveil(SB)
GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8
DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)