mm(1): adds support for pledge(2) and unveil(2)

Makefile

@@ -16,6 +16,11 @@
 DESTDIR ?= dist
 PREFIX ?= /usr/local
 
+# for conditionally compiling OS features
+OS != uname
+OS_INCLUDE != test -e include/$(OS).mk && printf 'include/$(OS).mk\n' \
+	|| include/None.mk
+
 # normalized prefix
 PREFIX_N != dirname $(PREFIX)/.
 MANDIR != test $(PREFIX_N) = / && printf '/usr/share/man\n' \
@@ -26,8 +31,8 @@ SYSEXITS != printf '\043include <sysexits.h>\n' | cpp -M - | tr ' ' '\n' \
 CC ?= cc
 RUSTC ?= rustc
 RUSTFLAGS += --extern getopt=build/o/libgetopt.rlib \
-	--extern sysexits=build/o/libsysexits.rlib \
-	--extern strerror=build/o/libstrerror.rlib
+	--extern strerror=build/o/libstrerror.rlib \
+	--extern sysexits=build/o/libsysexits.rlib
 CFLAGS += -I$(SYSEXITS)
 
 # testing requires the absolute path to the bin directory set
@@ -74,9 +79,12 @@ docs: docs/ build
 		"s/X\.X\.X/$$(git describe --tags --long | cut -d'-' -f1)/g")"; \
 		sed "s/$$original/$$title/g" <"$$file" >"build/$$file"; done
 
+# include OS feature libraries for compilation
+include $(OS_INCLUDE)
+
 .PHONY: rustlibs
-rustlibs: build/o/libsysexits.rlib build/o/libgetopt.rlib \
-	build/o/libstrerror.rlib
+rustlibs: build/o/libgetopt.rlib build/o/libstrerror.rlib \
+	 build/o/libsysexits.rlib $(OSLIB)
 
 build/o/libgetopt.rlib: build src/libgetopt.rs
 	$(RUSTC) $(RUSTFLAGS) --crate-type=lib --crate-name=getopt \

include/FreeBSD.mk

@@ -0,0 +1,6 @@
+# Copyright (c) 2024 Emma Tebibyte <emma@tebibyte.media>
+# SPDX-License-Identifier: FSFAP
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice and this
+# notice are preserved.  This file is offered as-is, without any warranty.

include/OpenBSD.mk

@@ -0,0 +1,13 @@
+# Copyright (c) 2024 Emma Tebibyte <emma@tebibyte.media>
+# SPDX-License-Identifier: FSFAP
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice and this
+# notice are preserved.  This file is offered as-is, without any warranty.
+
+OSLIB = build/o/libopenbsd.rlib
+RUSTFLAGS += --extern openbsd=$(OSLIB)
+
+$(OSLIB): src/libopenbsd.rs
+	$(RUSTC) $(RUSTFLAGS) --crate-type=lib --crate-name=openbsd \
+		-o $@ src/libopenbsd.rs

src/dj.c

@@ -26,7 +26,8 @@
 #include <string.h> /* memcpy(3), memmove(3), memset(3) */
 #include <sysexits.h> /* EX_OK, EX_OSERR, EX_USAGE */
 #include <unistd.h> /* close(2), getopt(3), lseek(2), read(2), write(2),
-                     * optarg, optind, STDIN_FILENO, STDOUT_FILENO */
+                     * pledge(2), unveil(2), optarg, optind, STDIN_FILENO,
+					 * STDOUT_FILENO */
 #include <sys/stat.h> /* S_IRGRP, S_IROTH, S_IRUSR, S_IWGRP, S_IWOTH, S_IWUSR */
 
 char *program_name = "dj";
@@ -167,6 +168,12 @@ usage(char *argv0) {
 }
 
 int main(int argc, char *argv[]) {
+#ifdef __OpenBSD__
+	if (pledge("cpath rpath stdio unveil wpath", NULL) == -1) {
+		return oserr("pledge", errno);
+	}
+#endif
+
    	int align;    /* low 8b used, negative if no alignment is being done */
 	int count;    /* -1 if dj(1) runs until no more reads are possible */
 	char *fmt;    /* set to fmt_asv (default) or fmt_human (-H) */
@@ -208,6 +215,16 @@ int main(int argc, char *argv[]) {
 						break;
 					} else {
 						int fd;
+#ifdef __OpenBSD__
+						char *perms = "wc";
+
+						/* modify perms in-place to read-only */
+						if (i == 0) { perms = "r"; }
+
+						if (unveil(optarg, perms) == -1) {
+							return oserr("unveil", errno);
+						}
+#endif
 
 						if (
 							(fd = open(optarg, io[i].fl, creat_mode)) != -1
@@ -248,6 +265,9 @@ int main(int argc, char *argv[]) {
 			}
 		}
 	}
+#ifdef __OpenBSD__
+	if (unveil(NULL, NULL) == -1) { return oserr("unveil", errno); }
+#endif
 
 	assert(io->fd != STDIN_FILENO  || io->fl == read_flags);
 	assert(io->fd != STDOUT_FILENO || io->fl == write_flags);

src/false.c

@@ -1,9 +1,18 @@
 /*
- * Copyright (c) 2023 Emma Tebibyte <emma@tebibyte.media>
+ * Copyright (c) 2023–2024 Emma Tebibyte <emma@tebibyte.media>
  * SPDX-License-Identifier: CC0
  *
  * This work is marked with CC0 1.0. To view a copy of this license, visit
  * <http://creativecommons.org/publicdomain/zero/1.0>.
  */
 
-int main() { return 1; }
+#ifdef __OpenBSD__
+#	include <unistd.h> /* pledge(2) */
+#endif
+
+int main() {
+#ifdef __OpenBSD__
+	pledge(NULL, NULL);
+#endif
+return 1;
+}

src/fop.rs

@@ -30,11 +30,23 @@ use getopt::GetOpt;
 use strerror::StrError;
 use sysexits::{ EX_DATAERR, EX_IOERR, EX_UNAVAILABLE, EX_USAGE };
 
+#[cfg(target_os="openbsd")] use sysexits::EX_OSERR;
+#[cfg(target_os="openbsd")] extern crate openbsd;
+#[cfg(target_os="openbsd")] use openbsd::{ Promises, pledge };
+
 fn main() {
 	let argv = args().collect::<Vec<String>>();
 	let mut d = '\u{1E}'.to_string(); /* ASCII record separator */
 	let mut optind = 1;
 
+	if cfg!(target_os="openbsd") {
+		let promises = Promises::new("stdio proc exec");
+		if let Err(e) = pledge(Some(promises), None) {
+			eprintln!("{}: {}", argv[0], e.strerror());
+			exit(EX_OSERR);
+		}
+	}
+
 	let usage = format!(
 		"Usage: {} [-d delimiter] index command [args...]",
 		argv[0],

src/libopenbsd.rs

@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2024 Emma Tebibyte <emma@tebibyte.media>
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ *
+ * This program is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Affero General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see https://www.gnu.org/licenses/.
+ */
+
+use std::{
+	ffi::CString,
+	io::Error,
+	ptr::null,
+};
+
+mod openbsd {
+	use std::ffi::{ c_char, c_int };
+	extern "C" {
+		pub fn pledge(arg1: *const c_char, arg2: *const c_char) -> c_int;
+
+		pub fn unveil(arg1: *const c_char, arg2: *const c_char) -> c_int;
+
+		pub fn __errno() -> *mut c_int;
+	}
+}
+
+pub struct Promises(*const i8);
+
+impl Promises {
+	pub fn new(promises: &str) -> Self {
+		let p = CString::new(promises).unwrap();
+
+		Promises(p.into_raw() as *const i8)
+	}
+}
+
+pub fn pledge(
+	promises: Option<Promises>, execpromises: Option<Promises>
+) -> Result<(), Error> {
+	/* From pledge(2):
+	 *
+	 * Passing NULL to promises or execpromises specifies to not change
+	 * the current value. */
+	let arg1 = promises.unwrap_or(Promises(null())).0;
+	let arg2 = execpromises.unwrap_or(Promises(null())).0;
+
+	unsafe {
+		match openbsd::pledge(arg1, arg2) {
+			-1 => Err(Error::from_raw_os_error(*openbsd::__errno())),
+			0 => Ok(()),
+			_ => panic!(), /* unreachable */
+		}
+	}
+}
+
+pub struct UnveilPerms(CString);
+
+impl UnveilPerms {
+	pub fn new(permissions: Vec<char>) -> Self {
+		if permissions.is_empty() {
+			return UnveilPerms(CString::new("").unwrap());
+		}
+
+		UnveilPerms(
+			CString::new(permissions.iter().collect::<String>()).unwrap()
+		)
+	}
+}
+
+pub fn unveil(
+	path: Option<&str>,
+	permissions: Option<UnveilPerms>,
+) -> Result<(), Error> {
+	let path_c = path.map(CString::new).map(Result::unwrap);
+	let arg1 = path_c.map(|p| p.into_raw() as *const i8).unwrap_or(null());
+
+	let arg2 = permissions
+		.map(|p| p.0.into_raw() as *const i8)
+		.unwrap_or(null());
+
+	unsafe {
+		match openbsd::unveil(arg1, arg2) {
+			-1 => Err(Error::from_raw_os_error(*openbsd::__errno())),
+			0 => Ok(()),
+			_ => panic!(), /* unreachable */
+		}
+	}
+}

src/mm.rs

@@ -33,6 +33,16 @@ use getopt::GetOpt;
 use strerror::StrError;
 use sysexits::{ EX_IOERR, EX_USAGE };
 
+#[cfg(target_os="openbsd")] use sysexits::EX_OSERR;
+#[cfg(target_os="openbsd")] extern crate openbsd;
+#[cfg(target_os="openbsd")]
+use openbsd::{
+	Promises,
+	UnveilPerms,
+	pledge,
+	unveil,
+};
+
 use ArgMode::*;
 
 enum ArgMode { In, Out }
@@ -41,6 +51,14 @@ fn main() -> ExitCode {
 	let argv = args().collect::<Vec<_>>();
 	let usage = format!("Usage: {} [-aetu] [-i input] [-o output]", argv[0]);
 
+	if cfg!(target_os="openbsd") {
+		let promises = Promises::new("rpath stdio unveil");
+		if let Err(e) = pledge(Some(promises), None) {
+			eprintln!("{}: {}", argv[0], e.strerror());
+			return ExitCode::from(EX_OSERR as u8);
+		}
+	}
+
 	let mut a = false; /* append to the file */
 	let mut e = false; /* use stderr as an output */
 	let mut t = true; /* do not truncate the file before writing */
@@ -58,11 +76,29 @@ fn main() -> ExitCode {
 			Ok("t") => t = false,
 			Ok("i") => { /* add inputs */
 				let input = opt.arg().unwrap();
+
+				if cfg!(target_os="openbsd") {
+					let perms = UnveilPerms::new(vec!['r']);
+					if let Err(e) = unveil(Some(&input), Some(perms)) {
+						eprintln!("{}: {}", argv[0], e.strerror());
+						return ExitCode::from(EX_OSERR as u8);
+					}
+				}
+
 				ins.push(input);
 				mode = Some(In); /* latest argument == -i */
 			},
 			Ok("o") => { /* add output */
 				let output = opt.arg().unwrap(); 
+
+				if cfg!(target_os="openbsd") {
+					let perms = UnveilPerms::new(vec!['w', 'c']);
+					if let Err(e) = unveil(Some(&output), Some(perms)) {
+						eprintln!("{}: {}", argv[0], e.strerror());
+						return ExitCode::from(EX_OSERR as u8);
+					}
+				}
+
 				outs.push(output);
 				mode = Some(Out); /* latest argument == -o */
 			},
@@ -86,11 +122,17 @@ fn main() -> ExitCode {
 				Out => outs.push(arg.to_string()),
 			};
 		}
-	} else {
-		eprintln!("{}", usage);
-		return ExitCode::from(EX_USAGE as u8);
 	}
 
+	if cfg!(target_os="openbsd") {
+		if let Err(e) = unveil(None, None) {
+			eprintln!("{}: {}", argv[0], e.strerror());
+			return ExitCode::from(EX_OSERR as u8);
+		}
+	}
+
+	println!("{:?}", ins);
+
 	/* use stdin if no inputs are specified */
 	if ins.is_empty() { ins.push("-".to_string()); }
 

src/true.c

@@ -1,9 +1,17 @@
 /*
- * Copyright (c) 2023 Emma Tebibyte <emma@tebibyte.media>
+ * Copyright (c) 2023–2024 Emma Tebibyte <emma@tebibyte.media>
  * SPDX-License-Identifier: CC0
  *
  * This work is marked with CC0 1.0. To view a copy of this license, visit
  * <http://creativecommons.org/publicdomain/zero/1.0>.
  */
 
-int main() {}
+#ifdef __OpenBSD__
+#	include <unistd.h> /* pledge(2) */
+#endif
+
+int main() {
+#ifdef __OpenBSD__
+	pledge(NULL, NULL);
+#endif
+}