From 504bf5bfeb528a8987972ddfb5e399e3fcb95332 Mon Sep 17 00:00:00 2001 From: Josh Rickmar Date: Thu, 2 Nov 2023 01:18:47 +0000 Subject: [PATCH 1/4] unix: use libc stubs for OpenBSD pledge+unveil For both compatibility and security concerns, it is preferrable to perform system calls through the libc stubs rather than syscall(2). Besides making programs resilient to changing system call numbers, it removes an unnecessary use of the syscall(2) call which, if found by an attacker, could be abused to perform any system call. As OpenBSD 6.2 is the oldest supported version of OpenBSD, remove the handling of pledge on versions prior to this release. PledgeExecpromises is no longer usable on 6.2, as the execpromises is treated as required (unlike Pledge, where on 6.2 it is allowed but must be empty). The empty execpromises string is no longer converted to a nil pointer on 6.2. This fixes an out-of-bounds read where, on 6.2, an empty string would be passed to the deprecated pledge(2) API, which would interpret the pointer as an array of strings. --- unix/pledge_openbsd.go | 43 ++++++++-------------------------- unix/syscall_openbsd.go | 2 ++ unix/unveil_openbsd.go | 28 +++++++--------------- unix/zsyscall_openbsd_386.go | 28 ++++++++++++++++++++++ unix/zsyscall_openbsd_386.s | 10 ++++++++ unix/zsyscall_openbsd_amd64.go | 28 ++++++++++++++++++++++ unix/zsyscall_openbsd_amd64.s | 10 ++++++++ 7 files changed, 97 insertions(+), 52 deletions(-) diff --git a/unix/pledge_openbsd.go b/unix/pledge_openbsd.go index a614929fdc..80de6dc87d 100644 --- a/unix/pledge_openbsd.go +++ b/unix/pledge_openbsd.go @@ -8,8 +8,6 @@ import ( "errors" "fmt" "strconv" - "syscall" - "unsafe" ) // Pledge implements the pledge syscall. @@ -24,23 +22,17 @@ func Pledge(promises, execpromises string) error { return err } - pptr, err := syscall.BytePtrFromString(promises) + pptr, err := BytePtrFromString(promises) if err != nil { return err } - exptr, err := syscall.BytePtrFromString(execpromises) + exptr, err := BytePtrFromString(execpromises) if err != nil { return err } - _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), - uintptr(unsafe.Pointer(exptr)), 0) - if e != 0 { - return e - } - - return nil + return pledge(pptr, exptr) } // PledgePromises implements the pledge syscall. @@ -53,48 +45,33 @@ func PledgePromises(promises string) error { return err } - // This variable holds the execpromises and is always nil. - var expr unsafe.Pointer - - pptr, err := syscall.BytePtrFromString(promises) + pptr, err := BytePtrFromString(promises) if err != nil { return err } - _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), - uintptr(expr), 0) - if e != 0 { - return e - } - - return nil + return pledge(pptr, nil) } // PledgeExecpromises implements the pledge syscall. // // This changes the execpromises and leaves the promises untouched. // +// The pledge syscall does not accept execpromises on OpenBSD releases +// before 6.3. +// // For more information see pledge(2). func PledgeExecpromises(execpromises string) error { if err := pledgeAvailable(); err != nil { return err } - // This variable holds the promises and is always nil. - var pptr unsafe.Pointer - - exptr, err := syscall.BytePtrFromString(execpromises) + exptr, err := BytePtrFromString(execpromises) if err != nil { return err } - _, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), - uintptr(unsafe.Pointer(exptr)), 0) - if e != 0 { - return e - } - - return nil + return pledge(nil, exptr) } // majmin returns major and minor version number for an OpenBSD system. diff --git a/unix/syscall_openbsd.go b/unix/syscall_openbsd.go index 6f34479b59..748377c7ae 100644 --- a/unix/syscall_openbsd.go +++ b/unix/syscall_openbsd.go @@ -327,3 +327,5 @@ func Uname(uname *Utsname) error { //sys mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) //sys munmap(addr uintptr, length uintptr) (err error) //sys utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) +//sys pledge(promises *byte, execpromises *byte) (err error) +//sys unveil(path *byte, flags *byte) (err error) diff --git a/unix/unveil_openbsd.go b/unix/unveil_openbsd.go index 2a885187d2..c6c63b633e 100644 --- a/unix/unveil_openbsd.go +++ b/unix/unveil_openbsd.go @@ -4,48 +4,38 @@ package unix -import ( - "fmt" - "syscall" - "unsafe" -) +import "fmt" // Unveil implements the unveil syscall. // For more information see unveil(2). // Note that the special case of blocking further // unveil calls is handled by UnveilBlock. +// +// Unveil requires OpenBSD 6.4 or later. func Unveil(path string, flags string) error { if err := supportsUnveil(); err != nil { return err } - pathPtr, err := syscall.BytePtrFromString(path) + pathPtr, err := BytePtrFromString(path) if err != nil { return err } - flagsPtr, err := syscall.BytePtrFromString(flags) + flagsPtr, err := BytePtrFromString(flags) if err != nil { return err } - _, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0) - if e != 0 { - return e - } - return nil + return unveil(pathPtr, flagsPtr) } // UnveilBlock blocks future unveil calls. // For more information see unveil(2). +// +// Unveil requires OpenBSD 6.4 or later. func UnveilBlock() error { if err := supportsUnveil(); err != nil { return err } - // Both pointers must be nil. - var pathUnsafe, flagsUnsafe unsafe.Pointer - _, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0) - if e != 0 { - return e - } - return nil + return unveil(nil, nil) } // supportsUnveil checks for availability of the unveil(2) system call based diff --git a/unix/zsyscall_openbsd_386.go b/unix/zsyscall_openbsd_386.go index 9da3ec3772..e94bd77219 100644 --- a/unix/zsyscall_openbsd_386.go +++ b/unix/zsyscall_openbsd_386.go @@ -2228,3 +2228,31 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" diff --git a/unix/zsyscall_openbsd_386.s b/unix/zsyscall_openbsd_386.s index 3dcacd30d7..5cb7c451ba 100644 --- a/unix/zsyscall_openbsd_386.s +++ b/unix/zsyscall_openbsd_386.s @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB) diff --git a/unix/zsyscall_openbsd_amd64.go b/unix/zsyscall_openbsd_amd64.go index cc273c4126..b7074be04a 100644 --- a/unix/zsyscall_openbsd_amd64.go +++ b/unix/zsyscall_openbsd_amd64.go @@ -2228,3 +2228,31 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" diff --git a/unix/zsyscall_openbsd_amd64.s b/unix/zsyscall_openbsd_amd64.s index 2763620b01..316c47e837 100644 --- a/unix/zsyscall_openbsd_amd64.s +++ b/unix/zsyscall_openbsd_amd64.s @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) From 56eca24cd441e46d0a7e982dc204f3505e435b03 Mon Sep 17 00:00:00 2001 From: Josh Rickmar Date: Thu, 2 Nov 2023 01:18:48 +0000 Subject: [PATCH 2/4] regenerate syscalls for all openbsd ports --- unix/zsyscall_openbsd_386.go | 2 ++ unix/zsyscall_openbsd_amd64.go | 2 ++ unix/zsyscall_openbsd_arm.go | 30 ++++++++++++++++++++++++++++++ unix/zsyscall_openbsd_arm.s | 10 ++++++++++ unix/zsyscall_openbsd_arm64.go | 30 ++++++++++++++++++++++++++++++ unix/zsyscall_openbsd_arm64.s | 10 ++++++++++ unix/zsyscall_openbsd_mips64.go | 30 ++++++++++++++++++++++++++++++ unix/zsyscall_openbsd_mips64.s | 10 ++++++++++ unix/zsyscall_openbsd_ppc64.go | 30 ++++++++++++++++++++++++++++++ unix/zsyscall_openbsd_ppc64.s | 12 ++++++++++++ unix/zsyscall_openbsd_riscv64.go | 30 ++++++++++++++++++++++++++++++ unix/zsyscall_openbsd_riscv64.s | 10 ++++++++++ 12 files changed, 206 insertions(+) diff --git a/unix/zsyscall_openbsd_386.go b/unix/zsyscall_openbsd_386.go index e94bd77219..63b4aac8de 100644 --- a/unix/zsyscall_openbsd_386.go +++ b/unix/zsyscall_openbsd_386.go @@ -2256,3 +2256,5 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/unix/zsyscall_openbsd_amd64.go b/unix/zsyscall_openbsd_amd64.go index b7074be04a..d6c4145812 100644 --- a/unix/zsyscall_openbsd_amd64.go +++ b/unix/zsyscall_openbsd_amd64.go @@ -2256,3 +2256,5 @@ func unveil(path *byte, flags *byte) (err error) { var libc_unveil_trampoline_addr uintptr //go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/unix/zsyscall_openbsd_arm.go b/unix/zsyscall_openbsd_arm.go index fa34e22e3b..4e22b7563c 100644 --- a/unix/zsyscall_openbsd_arm.go +++ b/unix/zsyscall_openbsd_arm.go @@ -2228,3 +2228,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/unix/zsyscall_openbsd_arm.s b/unix/zsyscall_openbsd_arm.s index c922314048..e1d81bf9c4 100644 --- a/unix/zsyscall_openbsd_arm.s +++ b/unix/zsyscall_openbsd_arm.s @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $4 DATA ·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $4 +DATA ·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $4 +DATA ·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB) diff --git a/unix/zsyscall_openbsd_arm64.go b/unix/zsyscall_openbsd_arm64.go index ab61221477..1de4158620 100644 --- a/unix/zsyscall_openbsd_arm64.go +++ b/unix/zsyscall_openbsd_arm64.go @@ -2228,3 +2228,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/unix/zsyscall_openbsd_arm64.s b/unix/zsyscall_openbsd_arm64.s index a6bc32c922..a738118a4f 100644 --- a/unix/zsyscall_openbsd_arm64.s +++ b/unix/zsyscall_openbsd_arm64.s @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) diff --git a/unix/zsyscall_openbsd_mips64.go b/unix/zsyscall_openbsd_mips64.go index 3882790a52..303b07534d 100644 --- a/unix/zsyscall_openbsd_mips64.go +++ b/unix/zsyscall_openbsd_mips64.go @@ -2228,3 +2228,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/unix/zsyscall_openbsd_mips64.s b/unix/zsyscall_openbsd_mips64.s index b4e7bceabf..d794e06ce0 100644 --- a/unix/zsyscall_openbsd_mips64.s +++ b/unix/zsyscall_openbsd_mips64.s @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) diff --git a/unix/zsyscall_openbsd_ppc64.go b/unix/zsyscall_openbsd_ppc64.go index 172ba7f62c..de74432ec3 100644 --- a/unix/zsyscall_openbsd_ppc64.go +++ b/unix/zsyscall_openbsd_ppc64.go @@ -2228,3 +2228,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/unix/zsyscall_openbsd_ppc64.s b/unix/zsyscall_openbsd_ppc64.s index ca3f766009..2a31baebd8 100644 --- a/unix/zsyscall_openbsd_ppc64.s +++ b/unix/zsyscall_openbsd_ppc64.s @@ -806,3 +806,15 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 RET GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_pledge(SB) + RET +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + CALL libc_unveil(SB) + RET +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) diff --git a/unix/zsyscall_openbsd_riscv64.go b/unix/zsyscall_openbsd_riscv64.go index fd8e6f62fa..be39bcf100 100644 --- a/unix/zsyscall_openbsd_riscv64.go +++ b/unix/zsyscall_openbsd_riscv64.go @@ -2228,3 +2228,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error var libc_utimensat_trampoline_addr uintptr //go:cgo_import_dynamic libc_utimensat utimensat "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func pledge(promises *byte, execpromises *byte) (err error) { + _, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_pledge_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_pledge pledge "libc.so" + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func unveil(path *byte, flags *byte) (err error) { + _, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +var libc_unveil_trampoline_addr uintptr + +//go:cgo_import_dynamic libc_unveil unveil "libc.so" + + diff --git a/unix/zsyscall_openbsd_riscv64.s b/unix/zsyscall_openbsd_riscv64.s index 477a7d5b21..27130c6f3f 100644 --- a/unix/zsyscall_openbsd_riscv64.s +++ b/unix/zsyscall_openbsd_riscv64.s @@ -672,3 +672,13 @@ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0 JMP libc_utimensat(SB) GLOBL ·libc_utimensat_trampoline_addr(SB), RODATA, $8 DATA ·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB) + +TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_pledge(SB) +GLOBL ·libc_pledge_trampoline_addr(SB), RODATA, $8 +DATA ·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB) + +TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0 + JMP libc_unveil(SB) +GLOBL ·libc_unveil_trampoline_addr(SB), RODATA, $8 +DATA ·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB) From 6607d4640af0def39474d7c5c3c7a177ded062cb Mon Sep 17 00:00:00 2001 From: Josh Rickmar Date: Thu, 2 Nov 2023 01:18:48 +0000 Subject: [PATCH 3/4] remove now unnecessary comment about openbsd <=6.3 --- unix/pledge_openbsd.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/unix/pledge_openbsd.go b/unix/pledge_openbsd.go index 80de6dc87d..6a09af53e6 100644 --- a/unix/pledge_openbsd.go +++ b/unix/pledge_openbsd.go @@ -57,9 +57,6 @@ func PledgePromises(promises string) error { // // This changes the execpromises and leaves the promises untouched. // -// The pledge syscall does not accept execpromises on OpenBSD releases -// before 6.3. -// // For more information see pledge(2). func PledgeExecpromises(execpromises string) error { if err := pledgeAvailable(); err != nil { From ebc0461460297de6d4f677a48d3a361d7e620df0 Mon Sep 17 00:00:00 2001 From: Josh Rickmar Date: Thu, 2 Nov 2023 01:18:48 +0000 Subject: [PATCH 4/4] whack more useless comments --- unix/unveil_openbsd.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/unix/unveil_openbsd.go b/unix/unveil_openbsd.go index c6c63b633e..cb7e598cef 100644 --- a/unix/unveil_openbsd.go +++ b/unix/unveil_openbsd.go @@ -10,8 +10,6 @@ import "fmt" // For more information see unveil(2). // Note that the special case of blocking further // unveil calls is handled by UnveilBlock. -// -// Unveil requires OpenBSD 6.4 or later. func Unveil(path string, flags string) error { if err := supportsUnveil(); err != nil { return err @@ -29,8 +27,6 @@ func Unveil(path string, flags string) error { // UnveilBlock blocks future unveil calls. // For more information see unveil(2). -// -// Unveil requires OpenBSD 6.4 or later. func UnveilBlock() error { if err := supportsUnveil(); err != nil { return err