switch to using ReducePledges
parent
3deceffa01
commit
3849f2ba51
2
go.mod
2
go.mod
@ -5,5 +5,5 @@ go 1.16
|
||||
require (
|
||||
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
|
||||
golang.org/x/net v0.0.0-20210510120150-4163338589ed
|
||||
suah.dev/protect v1.0.0
|
||||
suah.dev/protect v1.1.0
|
||||
)
|
||||
|
4
go.sum
4
go.sum
@ -12,5 +12,5 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
suah.dev/protect v1.0.0 h1:X8pzDvDIZIiugmkmr6DES6JFO1XUdJWi34Ffmk6CMZY=
|
||||
suah.dev/protect v1.0.0/go.mod h1:ZSgyBM30JUwhVPWJzVHh0jlu5W6Qz1VR6tIhAzqJZ9Y=
|
||||
suah.dev/protect v1.1.0 h1:C24D67UlFap5t/A29Meo7V7xLdjkaFAxSQMa5yG8sS4=
|
||||
suah.dev/protect v1.1.0/go.mod h1:ZSgyBM30JUwhVPWJzVHh0jlu5W6Qz1VR6tIhAzqJZ9Y=
|
||||
|
9
main.go
9
main.go
@ -70,6 +70,8 @@ var (
|
||||
users map[string]string
|
||||
)
|
||||
|
||||
var pledges = "stdio wpath rpath cpath tty inet dns unveil"
|
||||
|
||||
func init() {
|
||||
users = make(map[string]string)
|
||||
handlers = make(map[string]userHandlers)
|
||||
@ -92,7 +94,7 @@ func init() {
|
||||
_ = protect.Unveil(davDir, "rwc")
|
||||
_ = protect.Unveil("/etc/ssl/cert.pem", "r")
|
||||
_ = protect.Unveil("/etc/resolv.conf", "r")
|
||||
_ = protect.Pledge("stdio wpath rpath cpath tty inet dns unveil")
|
||||
_ = protect.Pledge(pledges)
|
||||
|
||||
templ, err = template.New("landing").Parse(landingPage)
|
||||
if err != nil {
|
||||
@ -157,7 +159,7 @@ func prompt(prompt string, secure bool) (string, error) {
|
||||
}
|
||||
|
||||
func main() {
|
||||
_ = protect.Pledge("stdio wpath rpath cpath inet dns unveil")
|
||||
var pledges = "stdio wpath rpath cpath tty inet dns unveil"
|
||||
|
||||
if genHtpass {
|
||||
user, err := prompt("Username: ", false)
|
||||
@ -190,10 +192,11 @@ func main() {
|
||||
|
||||
os.Exit(0)
|
||||
}
|
||||
pledges, _ = protect.ReducePledges(pledges, "tty")
|
||||
|
||||
// drop to only read on passPath
|
||||
_ = protect.Unveil(passPath, "r")
|
||||
_ = protect.Pledge("stdio wpath rpath cpath inet dns")
|
||||
pledges, _ = protect.ReducePledges(pledges, "unveil")
|
||||
|
||||
_, fErr := os.Stat(passPath)
|
||||
if os.IsNotExist(fErr) {
|
||||
|
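Review bot: Both new calls in main, `pledges, _ = protect.ReducePledges(pledges, "tty")` and `pledges, _ = protect.ReducePledges(pledges, "unveil")`, discard the error while still overwriting `pledges` with the returned string, so a failed reduction is silent and the server carries on with `tty` and `unveil` still permitted. With the explicit `protect.Pledge` calls removed from main, these two calls appear to be the only privilege drop before serving, so a failure should stop the process, e.g. `if pledges, err = protect.ReducePledges(pledges, "tty"); err != nil { log.Fatal(err) }` (this assumes the package-level `err` that init seems to assign and an imported `log`; neither declaration is visible here). Separately, the `var pledges = ...` added at the top of main shadows the package-level `pledges` from the first hunk with the same literal; dropping the local keeps a single promise list for init and main. main's body continues outside the hunks shown.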