switch to using ReducePledges

Aaron Bieber 2021-07-08 19:05:28 -06:00
parent 3deceffa01
commit 3849f2ba51
3 changed files with 9 additions and 6 deletions

2
go.mod

@ -5,5 +5,5 @@ go 1.16
require ( require (
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
golang.org/x/net v0.0.0-20210510120150-4163338589ed golang.org/x/net v0.0.0-20210510120150-4163338589ed
suah.dev/protect v1.0.0 suah.dev/protect v1.1.0
) )

4
go.sum

@ -12,5 +12,5 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
suah.dev/protect v1.0.0 h1:X8pzDvDIZIiugmkmr6DES6JFO1XUdJWi34Ffmk6CMZY= suah.dev/protect v1.1.0 h1:C24D67UlFap5t/A29Meo7V7xLdjkaFAxSQMa5yG8sS4=
suah.dev/protect v1.0.0/go.mod h1:ZSgyBM30JUwhVPWJzVHh0jlu5W6Qz1VR6tIhAzqJZ9Y= suah.dev/protect v1.1.0/go.mod h1:ZSgyBM30JUwhVPWJzVHh0jlu5W6Qz1VR6tIhAzqJZ9Y=


@ -70,6 +70,8 @@ var (
users map[string]string users map[string]string
) )
var pledges = "stdio wpath rpath cpath tty inet dns unveil"
func init() { func init() {
users = make(map[string]string) users = make(map[string]string)
handlers = make(map[string]userHandlers) handlers = make(map[string]userHandlers)
@ -92,7 +94,7 @@ func init() {
_ = protect.Unveil(davDir, "rwc") _ = protect.Unveil(davDir, "rwc")
_ = protect.Unveil("/etc/ssl/cert.pem", "r") _ = protect.Unveil("/etc/ssl/cert.pem", "r")
_ = protect.Unveil("/etc/resolv.conf", "r") _ = protect.Unveil("/etc/resolv.conf", "r")
_ = protect.Pledge("stdio wpath rpath cpath tty inet dns unveil") _ = protect.Pledge(pledges)
templ, err = template.New("landing").Parse(landingPage) templ, err = template.New("landing").Parse(landingPage)
if err != nil { if err != nil {
@ -157,7 +159,7 @@ func prompt(prompt string, secure bool) (string, error) {
} }
func main() { func main() {
_ = protect.Pledge("stdio wpath rpath cpath inet dns unveil") var pledges = "stdio wpath rpath cpath tty inet dns unveil"
if genHtpass { if genHtpass {
user, err := prompt("Username: ", false) user, err := prompt("Username: ", false)
@ -190,10 +192,11 @@ func main() {
os.Exit(0) os.Exit(0)
} }
pledges, _ = protect.ReducePledges(pledges, "tty")
// drop to only read on passPath // drop to only read on passPath
_ = protect.Unveil(passPath, "r") _ = protect.Unveil(passPath, "r")
_ = protect.Pledge("stdio wpath rpath cpath inet dns") pledges, _ = protect.ReducePledges(pledges, "unveil")
_, fErr := os.Stat(passPath) _, fErr := os.Stat(passPath)
if os.IsNotExist(fErr) { if os.IsNotExist(fErr) {
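Review bot: Both new `protect.ReducePledges` calls in main() discard their error (`pledges, _ = ...`), so if narrowing fails the server keeps running with `tty` and `unveil` still promised and nothing is reported; a sandbox step like this should fail closed. Going by the `protect.Pledge` call it replaces, ReducePledges appears to be what applies the reduced promise set, so I would check it, e.g. `var err error` followed by `if pledges, err = protect.ReducePledges(pledges, "tty"); err != nil { log.Fatal(err) }` (assuming `log` is imported in this file), and do the same for the `"unveil"` call and for `_ = protect.Pledge(pledges)` in init(). As rendered here, the `var pledges = ...` added at the top of main() also shadows the package-level `pledges` from the first hunk with an identical string; dropping the local copy keeps a single source of truth for what init() actually pledged. Both init() and main() continue outside the hunks shown.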