mm(1): adds support for pledge(2) and unveil(2)

src/mm.rs

@@ -33,6 +33,16 @@ use getopt::GetOpt;
 use strerror::StrError;
 use sysexits::{ EX_IOERR, EX_USAGE };
 
+#[cfg(target_os="openbsd")] use sysexits::EX_OSERR;
+#[cfg(target_os="openbsd")] extern crate openbsd;
+#[cfg(target_os="openbsd")]
+use openbsd::{
+	Promises,
+	UnveilPerms,
+	pledge,
+	unveil,
+};
+
 use ArgMode::*;
 
 enum ArgMode { In, Out }
@@ -41,6 +51,14 @@ fn main() -> ExitCode {
 	let argv = args().collect::<Vec<_>>();
 	let usage = format!("Usage: {} [-aetu] [-i input] [-o output]", argv[0]);
 
+	if cfg!(target_os="openbsd") {
+		let promises = Promises::new("rpath stdio unveil");
+		if let Err(e) = pledge(Some(promises), None) {
+			eprintln!("{}: {}", argv[0], e.strerror());
+			return ExitCode::from(EX_OSERR as u8);
+		}
+	}
+
 	let mut a = false; /* append to the file */
 	let mut e = false; /* use stderr as an output */
 	let mut t = true; /* do not truncate the file before writing */
@@ -58,11 +76,29 @@ fn main() -> ExitCode {
 			Ok("t") => t = false,
 			Ok("i") => { /* add inputs */
 				let input = opt.arg().unwrap();
+
+				if cfg!(target_os="openbsd") {
+					let perms = UnveilPerms::new(vec!['r']);
+					if let Err(e) = unveil(Some(&input), Some(perms)) {
+						eprintln!("{}: {}", argv[0], e.strerror());
+						return ExitCode::from(EX_OSERR as u8);
+					}
+				}
+
 				ins.push(input);
 				mode = Some(In); /* latest argument == -i */
 			},
 			Ok("o") => { /* add output */
 				let output = opt.arg().unwrap(); 
+
+				if cfg!(target_os="openbsd") {
+					let perms = UnveilPerms::new(vec!['w', 'c']);
+					if let Err(e) = unveil(Some(&output), Some(perms)) {
+						eprintln!("{}: {}", argv[0], e.strerror());
+						return ExitCode::from(EX_OSERR as u8);
+					}
+				}
+
 				outs.push(output);
 				mode = Some(Out); /* latest argument == -o */
 			},
@@ -86,11 +122,17 @@ fn main() -> ExitCode {
 				Out => outs.push(arg.to_string()),
 			};
 		}
-	} else {
-		eprintln!("{}", usage);
-		return ExitCode::from(EX_USAGE as u8);
 	}
 
+	if cfg!(target_os="openbsd") {
+		if let Err(e) = unveil(None, None) {
+			eprintln!("{}: {}", argv[0], e.strerror());
+			return ExitCode::from(EX_OSERR as u8);
+		}
+	}
+
+	println!("{:?}", ins);
+
 	/* use stdin if no inputs are specified */
 	if ins.is_empty() { ins.push("-".to_string()); }