use unveil to restrict which programs could be executed
semarie committed Nov 26, 2021
1 parent d7f1e90 commit 5a16728
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions sysclean.pl
Expand Up @@ -132,7 +132,12 @@ sub init
my ($self) = @_;

use OpenBSD::Pledge;
use OpenBSD::Unveil;

unveil('/', 'r');
unveil('/usr/bin/locate', 'x');
unveil('/usr/sbin/rcctl', 'x');

pledge('rpath proc exec') || $self->err(1, "pledge");
$self->add_expected_base;
$self->add_expected_rcctl;
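Review bot: The three `unveil()` calls added ahead of `pledge` discard their return value, so a failed call leaves the process running with a wider filesystem and exec view than the commit intends, whereas the `pledge` line directly below aborts on failure. Each call should fail closed the same way, e.g. `unveil('/usr/bin/locate', 'x') || $self->err(1, "unveil");`. It is also worth a one-line comment above `pledge` noting that the promise set omits `unveil`, which is what prevents any later code from widening the unveil list. `sub init` begins above this hunk and continues past it, so any later path or exec use is not visible here.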