1 // Copyright 2016 The Go Authors. All rights reserved.

     2 // Use of this source code is governed by a BSD-style

     3 // license that can be found in the LICENSE file.

     4 

     5 // +build openbsd

     6 // +build 386 amd64 arm

     7 

     8 package unix

     9 

    10 import (

    11 	"errors"

    12 	"fmt"

    13 	"strconv"

    14 	"syscall"

    15 	"unsafe"

    16 )

    17 

    18 const (

    19 	_SYS_PLEDGE = 108

    20 )

    21 

    22 // Pledge implements the pledge syscall.

    23 //

    24 // The pledge syscall does not accept execpromises on OpenBSD releases

    25 // before 6.3.

    26 //

    27 // execpromises must be empty when Pledge is called on OpenBSD

    28 // releases predating 6.3, otherwise an error will be returned.

    29 //

    30 // For more information see pledge(2).

    31 func Pledge(promises, execpromises string) error {

    32 	maj, min, err := majmin()

    33 	if err != nil {

    34 		return err

    35 	}

    36 

    37 	// If OpenBSD <= 5.9, pledge is not available.

    38 	if (maj == 5 && min != 9) || maj < 5 {

    39 		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)

    40 	}

    41 

    42 	// If OpenBSD <= 6.2 and execpromises is not empty

    43 	// return an error - execpromises is not available before 6.3

    44 	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {

    45 		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)

    46 	}

    47 

    48 	pptr, err := syscall.BytePtrFromString(promises)

    49 	if err != nil {

    50 		return err

    51 	}

    52 

    53 	// This variable will hold either a nil unsafe.Pointer or

    54 	// an unsafe.Pointer to a string (execpromises).

    55 	var expr unsafe.Pointer

    56 

    57 	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.

    58 	if maj > 6 || (maj == 6 && min > 2) {

    59 		exptr, err := syscall.BytePtrFromString(execpromises)

    60 		if err != nil {

    61 			return err

    62 		}

    63 		expr = unsafe.Pointer(exptr)

    64 	}

    65 

    66 	_, _, e := syscall.Syscall(_SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)

    67 	if e != 0 {

    68 		return e

    69 	}

    70 

    71 	return nil

    72 }

    73 

    74 // majmin returns major and minor version number for an OpenBSD system.

    75 func majmin() (major int, minor int, err error) {

    76 	var v Utsname

    77 	err = Uname(&v)

    78 	if err != nil {

    79 		return

    80 	}

    81 

    82 	major, err = strconv.Atoi(string(v.Release[0]))

    83 	if err != nil {

    84 		err = errors.New("cannot parse major version number returned by uname")

    85 		return

    86 	}

    87 

    88 	minor, err = strconv.Atoi(string(v.Release[2]))

    89 	if err != nil {

    90 		err = errors.New("cannot parse minor version number returned by uname")

    91 		return

    92 	}

    93 

    94 	return

    95 }