solene
/
home-impermanence
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

impermanence: secure the symlink operation using unveil

This commit is contained in:
Solene Rapenne 2022-03-15 21:11:57 +01:00
parent 7c90366688
commit c85a0e8797
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
impermanence.pl
View File

@ -10,6 +10,7 @@ use Data::Dumper;
use File::HomeDir;
use File::Path qw(make_path);
use Sys::Syslog qw(:standard :macros);
use OpenBSD::Unveil;
use 5.010;
my $verbose = 0;
@ -266,6 +267,16 @@ sub main {
if( $start ) {
mount_mfs($opts{u}, $impermanence_home, $data);
unveil($persist_home, "r");
unveil($impermanence_home, "rwc");
unveil("/etc/pwd.db", "r");
unveil("/dev/", "r");
foreach my $binary (qw| /sbin/mount_mfs /sbin/umount /bin/sh /sbin/swapctl /bin/df|) {
unveil($binary, "x");
}
unveil();
populate_ramdisk($data, $persist_home, $impermanence_home, $opts{u});
}