7 unstable releases

Uses old Rust 2015

new 0.4.1 Nov 21, 2020
0.4.0 Dec 24, 2019
0.3.1 Nov 28, 2017
0.3.0 Dec 9, 2016
0.1.0 Sep 4, 2016

#1 in #openbsd


289 downloads per month
Used in 10 crates (6 directly)

MIT license

13KB
250 lines

pledge-rs


A Rust binding to OpenBSD's pledge(2) interface.

Usage

/* Rust 2015 only */ #[macro_use] extern crate pledge;
/* Rust 2018 only */ use pledge::{pledge, pledge_promises, pledge_execpromises};

fn foo() {
    // make both promises and execpromises
    pledge![Stdio Proc Exec, Stdio Tty].unwrap();

    // make promises only
    pledge_promises![Stdio Exec].unwrap();

    // make execpromises only
    pledge_execpromises![Stdio].unwrap();
}

This is roughly equivalent to:

/* Rust 2015 only */ extern crate pledge;
use pledge::{pledge, Promise, ToPromiseString};

fn foo() {
    // make both promises and execpromises
    let promises = vec![Promise::Stdio, Promise::Proc, Promise::Exec];
    let execpromises = vec![Promise::Stdio, Promise::Tty];
    pledge(&*promises.to_promise_string(), &*execpromises.to_promise_string()).unwrap();

    // make promises only
    let promises = vec![Promise::Stdio, Promise::Exec];
    pledge(&*promises.to_promise_string(), None).unwrap();

    // make execpromises only
    let execpromises = vec![Promise::Stdio];
    pledge(None, &*execpromises.to_promise_string()).unwrap();
}

You may also provide promises directly as a string:

/* Rust 2015 only */ extern crate pledge;
use pledge::pledge;

fn foo() {
    // make both promises and execpromises
    pledge("stdio proc exec", "stdio tty").unwrap();

    // make promises only
    pledge("stdio exec", None).unwrap();

    // make execpromises only
    pledge(None, "stdio").unwrap();
}

All of these will yield pledge::Error::UnsupportedPlatform on platforms that don’t support pledge(2). You can use pledge::Error::ignore_platform to ignore that variant and make your program portable to those platforms:

/* Rust 2015 only */ extern crate pledge;
/* Rust 2018 only */ use pledge::pledge_promises;

fn foo() {
    // ...

    pledge_promises![Stdio Exec]
        .or_else(pledge::Error::ignore_platform)
        .unwrap();

    // ...
}
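
What the two arguments and the platform fallback amount to at the system-call boundary, as an added example (not the pledge crate's own code). `PledgeError`, `to_c`, `sys_pledge`, `raw_pledge` and the local `ignore_platform` are hypothetical names; the block assumes only the two-pointer pledge(2) prototype, where a NULL argument leaves that promise set unchanged.

```rust
use std::ffi::CString;
use std::os::raw::c_char;
use std::ptr;

#[derive(Debug, PartialEq)]
pub enum PledgeError {
    UnsupportedPlatform, // built for an OS without pledge(2)
    InvalidPromises,     // promise string contains an interior NUL
    Os(i32),             // errno reported by pledge(2)
}

#[cfg(target_os = "openbsd")]
extern "C" {
    fn pledge(promises: *const c_char, execpromises: *const c_char) -> std::os::raw::c_int;
}

// None stays None; Some(s) becomes a NUL-terminated C string.
pub fn to_c(arg: Option<&str>) -> Result<Option<CString>, PledgeError> {
    match arg {
        None => Ok(None),
        Some(s) => CString::new(s).map(Some).map_err(|_| PledgeError::InvalidPromises),
    }
}

#[cfg(target_os = "openbsd")]
fn sys_pledge(p: *const c_char, e: *const c_char) -> Result<(), PledgeError> {
    if unsafe { pledge(p, e) } == 0 { return Ok(()); }
    Err(PledgeError::Os(std::io::Error::last_os_error().raw_os_error().unwrap_or(0)))
}
#[cfg(not(target_os = "openbsd"))]
fn sys_pledge(_p: *const c_char, _e: *const c_char) -> Result<(), PledgeError> {
    Err(PledgeError::UnsupportedPlatform)
}

// A None argument is passed as NULL: pledge(2) then leaves that set unchanged.
pub fn raw_pledge(promises: Option<&str>, execpromises: Option<&str>) -> Result<(), PledgeError> {
    let (p, e) = (to_c(promises)?, to_c(execpromises)?);
    let p_ptr = p.as_ref().map_or(ptr::null(), |s| s.as_ptr());
    let e_ptr = e.as_ref().map_or(ptr::null(), |s| s.as_ptr());
    sys_pledge(p_ptr, e_ptr)
}

// Swallow only the platform error; real pledge(2) failures still propagate.
pub fn ignore_platform(err: PledgeError) -> Result<(), PledgeError> {
    if err == PledgeError::UnsupportedPlatform { Ok(()) } else { Err(err) }
}
fn main() {
    raw_pledge(Some("stdio exec"), Some("stdio")).or_else(ignore_platform).unwrap();
}
```

Because `ignore_platform` matches a single variant, a rejected promise string or an errno from pledge(2) still reaches the `unwrap()` and stops the program instead of letting it continue unrestricted.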

Compatibility

This version of the crate is compatible with the OpenBSD 6.3+ interface, where the second parameter restricts the privileges of the process after execve(2), and is guaranteed to be compatible with Rust 1.24.0+ (as shipped by OpenBSD 6.3).

Use version ^0.3 for the OpenBSD 5.9+ interface last supported by Bitrig, where the second parameter sets a whitelist of permitted paths.

To migrate your code from older versions:

  • change pledge![P, Q, R] call sites to pledge_promises![P Q R]
  • change pledge("p q r") call sites to pledge("p q r", None)
  • change pledge_with_paths(promises, paths) to pledge(promises)
  • update usage of renamed Promise variants (e.g. MCast → Mcast)
  • consider making execpromises to restrict processes after execve(2)
  • consider using unveil(2) and the unveil crate (OpenBSD 6.4+)

Dependencies

~28KB