From f93e047f64c9d2566e8788d13183a3a5cffc5d50 Mon Sep 17 00:00:00 2001
From: octeep <octeep@pm.me>
Date: Thu, 31 Mar 2022 19:46:59 +0100
Subject: [PATCH] add pledge call on OpenBSD

---
 cmd/wireproxy/main.go | 21 ++++++++++++++++++++-
 go.mod                |  1 +
 go.sum                |  3 +++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/cmd/wireproxy/main.go b/cmd/wireproxy/main.go
index c668e9d..f3b5b9f 100644
--- a/cmd/wireproxy/main.go
+++ b/cmd/wireproxy/main.go
@@ -8,18 +8,29 @@ import (
 
 	"github.com/akamensky/argparse"
 	"github.com/octeep/wireproxy"
+	"suah.dev/protect"
 )
 
 const daemonProcess = "daemon-process"
 
+func pledgeOrPanic(promises string) {
+	err := protect.Pledge(promises)
+	if err != nil {
+		log.Panic(err)
+	}
+}
+
 func main() {
+	pledgeOrPanic("stdio rpath inet dns proc exec")
+
 	isDaemonProcess := len(os.Args) > 1 && os.Args[1] == daemonProcess
 	args := os.Args
 	if isDaemonProcess {
+		// remove proc and exec if they are not needed
+		pledgeOrPanic("stdio rpath inet dns")
 		args = []string{args[0]}
 		args = append(args, os.Args[2:]...)
 	}
-
 	parser := argparse.NewParser("wireproxy", "Userspace wireguard client for proxying")
 
 	config := parser.String("c", "config", &argparse.Options{Required: true, Help: "Path of configuration file"})
@@ -32,6 +43,11 @@ func main() {
 		return
 	}
 
+	if !*daemon {
+		// remove proc and exec if they are not needed
+		pledgeOrPanic("stdio rpath inet dns")
+	}
+
 	conf, err := wireproxy.ParseConfig(*config)
 	if err != nil {
 		log.Panic(err)
@@ -64,6 +80,9 @@ func main() {
 		return
 	}
 
+	// no file access is allowed from now on
+	pledgeOrPanic("stdio inet dns")
+
 	tnet, err := wireproxy.StartWireguard(conf.Device)
 	if err != nil {
 		log.Panic(err)
diff --git a/go.mod b/go.mod
index 7c47d9c..7fff556 100644
--- a/go.mod
+++ b/go.mod
@@ -21,4 +21,5 @@ require (
 	golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect
 	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
 	golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
+	suah.dev/protect v1.2.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 5443c44..dfc44a6 100644
--- a/go.sum
+++ b/go.sum
@@ -744,6 +744,7 @@ golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210314195730-07df6a141424/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210917161153-d61c044b1678/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211110154304-99a53858aa08/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -999,3 +1000,5 @@ sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:w
 sigs.k8s.io/structured-merge-diff/v4 v4.0.3/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
+suah.dev/protect v1.2.0 h1:4G4V43yVYXCjLFzaE9QJR0fLo3rf5vNBS9YxyoI19DU=
+suah.dev/protect v1.2.0/go.mod h1:Ocn1yqUskqe/is6N2bxQxtT+fegbvQsOFyHbJAQu9XE=