commit 8fd966b47dbdd4faa03de0d06e3d733baeb9a1a9 log] tgz] author Yestin <ylh@pdx.edu> Sun Apr 10 12:02:41 2016 -0700 committer Brad Fitzpatrick <bradfitz@golang.org> Wed Mar 22 23:48:10 2017 +0000 tree 37d4402097ba992963089254c6e41c8c94f0f204 parent 99f16d856c9836c42d24e7ab64ea72916925fa97 diff]

unix: add support for OpenBSD pledge Pledge, the privilege-restricting syscall and mitigation mechanism, was missing from syscall_openbsd.go. As of the latest release, it is officially supported in "stable". More information about the call itself, and hence its importance, can be found at: http://www.openbsd.org/papers/hackfest2015-pledge/mgp00001.html Change-Id: I2fdac1968664668e7bea1175677efe6433e0125e Reviewed-on: https://go-review.googlesource.com/21815 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

diff --git a/unix/openbsd_pledge.go b/unix/openbsd_pledge.go new file mode 100644 index 0000000..db4f72e --- /dev/null +++ b/unix/openbsd_pledge.go

@@ -0,0 +1,38 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build openbsd +// +build 386 amd64 arm + +package unix + +import ( + "syscall" + "unsafe" +) + +const ( + SYS_PLEDGE = 108 +) + +// Pledge implements the pledge syscall. For more information see pledge(2). +func Pledge(promises string, paths []string) error { + promisesPtr, err := syscall.BytePtrFromString(promises) + if err != nil { + return err + } + promisesUnsafe, pathsUnsafe := unsafe.Pointer(promisesPtr), unsafe.Pointer(nil) + if paths != nil { + var pathsPtr []*byte + if pathsPtr, err = syscall.SlicePtrFromStrings(paths); err != nil { + return err + } + pathsUnsafe = unsafe.Pointer(&pathsPtr[0]) + } + _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(promisesUnsafe), uintptr(pathsUnsafe), 0) + if e != 0 { + return e + } + return nil +}

diff --git a/unix/openbsd_test.go b/unix/openbsd_test.go new file mode 100644 index 0000000..734d765 --- /dev/null +++ b/unix/openbsd_test.go