pledge yggdrasilctl

The CLI is simple, but parses config files and communicates over the network with arbitrary endpoints. Limit system operations to that is needed before doing anything and drop all priviledges after config file and socket handling is done, i.e. do parse and speak over the network completely unprivileged.
yggdrasil-network · Oct 20, 2024 · df345bd · df345bd
1 parent f7d0395
commit df345bd
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/cmd/yggdrasilctl/main.go b/cmd/yggdrasilctl/main.go
@@ -13,6 +13,8 @@ import (
 	"strings"
 	"time"
 
+	"suah.dev/protect"
+
 	"github.com/olekukonko/tablewriter"
 	"github.com/yggdrasil-network/yggdrasil-go/src/admin"
 	"github.com/yggdrasil-network/yggdrasil-go/src/core"
@@ -22,6 +24,11 @@ import (
 )
 
 func main() {
+	// read config, speak DNS/TCP and/or over a UNIX socket
+	if err := protect.Pledge("stdio rpath inet unix dns"); err != nil {
+		panic(err)
+	}
+
 	// makes sure we can use defer and still return an error code to the OS
 	os.Exit(run())
 }
@@ -78,6 +85,11 @@ func run() int {
 		panic(err)
 	}
 
+	// config and socket are done, work without unprivileges
+	if err := protect.Pledge("stdio"); err != nil {
+		panic(err)
+	}
+
 	logger.Println("Connected")
 	defer conn.Close()