Restrict system operations on OpenBSD

Use pledge(2)[0] to limit patchelf(1) to read, write and create files. It never deals with TTY, network, process management or other subsystems. Do so immediately in main() since mainWrapped() itself parses files whilst parsing command line arguments (--rename-dynamic-symbols). This is to reduce patchelf's attack surface and potential damage when dealing with untrusted ELF programs. No behaviour change in tests or real world usage observed on OpenBSD/amd64 7.4 (0.18.0 tests: 56/52/2/2 TOTAL/PASS/FAIL/SKIP). 0: https://man.openbsd.org/pledge.2
NixOS · Nov 18, 2024 · 27e4d7a · 27e4d7a
1 parent 1c443aa
commit 27e4d7a
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/patchelf.cc b/src/patchelf.cc
@@ -2697,6 +2697,11 @@ static int mainWrapped(int argc, char * * argv)
 
 int main(int argc, char * * argv)
 {
+#ifdef __OpenBSD__
+    if (pledge("stdio rpath wpath cpath", NULL) == -1)
+        error("pledge");
+#endif
+
     try {
         return mainWrapped(argc, argv);
     } catch (std::exception & e) {