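// wrap - prevent unveil.pl from reading /etc/passwd (and other files)
//
// Uses the OpenBSD unveil(2) and pledge(2) interfaces, so it only builds
// and runs where <unistd.h> declares them.

#include <err.h>
#include <unistd.h>

/*
 * Narrow the filesystem view with unveil(2), narrow the permitted system
 * calls with pledge(2), then replace this process with perl running
 * unveil.pl.
 *
 * Does not return on success. Any failing step is reported through err(3),
 * which prints the errno text and exits with status 1.
 *
 * NOTE(review): the goal stated in the header comment depends on the unveil
 * rules set here still applying to perl after the exec; confirm that
 * against unveil(2) on the OpenBSD release in use.
 */
int
main(int argc, char *argv[], char *envp[])
{
	const char *prog = "/usr/bin/perl";

	/* The arguments and environment are deliberately ignored. */
	(void)argc;
	(void)argv;
	(void)envp;

	// Perl needs to read a bunch of files from here
	if (unveil("/usr", "r") == -1)
		err(1, "unveil");

	// and this program needs to be able to exec perl
	if (unveil(prog, "x") == -1)
		err(1, "unveil");

	// and unveil.pl needs to be readable by perl
	//
	// This makes the whole current working directory readable, and the
	// relative "unveil.pl" below is looked up in that same directory. Run
	// the wrapper from a directory that holds only what the script is
	// meant to read.
	if (unveil(".", "r") == -1)
		err(1, "unveil");

	// First argument: promises for this process, which only needs stdio
	// and the exec itself. Omitting the "unveil" promise also blocks any
	// further unveil(2) calls from here on.
	// Second argument: promises applied to perl once the exec happens.
	// NOTE(review): "cpath" and "prot_exec" are presumably there for perl
	// start-up or module loading; the unveil rules above grant only r/x,
	// so check whether "cpath" is needed and drop it if not.
	if (pledge("exec stdio", "cpath prot_exec rpath stdio") == -1)
		err(1, "pledge");

	execl(prog, "perl", "unveil.pl", (char *)0);

	// execl(3) returns only on failure. Without this check a failed exec
	// would fall off the end of main and exit 0, so a caller could mistake
	// a run that never started perl for a successful one.
	err(1, "execl %s", prog);
}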