js: Use pledge()

It is now no longer possible to make network connections from a hijacked js(1) :^)
author: Linus Groh <mail@linusgroh.de> 2021-11-22 20:41:58 +0000
committer: Andreas Kling <kling@serenityos.org> 2021-11-22 23:07:43 +0100
commit: 8fa5dc7241845858fa95fbc69b2b527baf224eb4 (patch)
tree: c5906a7d6eac777b0d19258259204b0753c69759
parent: cfecfbb2143ecf107020c8dc499645a58a63071a (diff)
download: serenity-8fa5dc7241845858fa95fbc69b2b527baf224eb4.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Userland/Utilities/js.cpp b/Userland/Utilities/js.cpp
index 9844c2c454..5b5cf5934e 100644
--- a/Userland/Utilities/js.cpp
+++ b/Userland/Utilities/js.cpp
@@ -61,6 +61,7 @@
 #include <LibJS/Runtime/Value.h>
 #include <LibLine/Editor.h>
 #include <LibMain/Main.h>
+#include <LibSystem/Wrappers.h>
 #include <fcntl.h>
 #include <signal.h>
 #include <stdio.h>
@@ -1105,6 +1106,10 @@ public:
 
 ErrorOr<int> serenity_main(Main::Arguments arguments)
 {
+#ifdef __serenity__
+    TRY(System::pledge("stdio rpath wpath cpath tty sigaction", nullptr));
+#endif
+
     bool gc_on_every_allocation = false;
     bool disable_syntax_highlight = false;
     Vector<String> script_paths;
author	Linus Groh <mail@linusgroh.de>	2021-11-22 20:41:58 +0000
committer	Andreas Kling <kling@serenityos.org>	2021-11-22 23:07:43 +0100
commit	8fa5dc7241845858fa95fbc69b2b527baf224eb4 (patch)
tree	c5906a7d6eac777b0d19258259204b0753c69759
parent	cfecfbb2143ecf107020c8dc499645a58a63071a (diff)
download	serenity-8fa5dc7241845858fa95fbc69b2b527baf224eb4.zip