WebServer: Tighten things up with pledge() and unveil()

author: Andreas Kling <kling@serenityos.org> 2020-02-09 12:09:40 +0100
committer: Andreas Kling <kling@serenityos.org> 2020-02-09 14:15:55 +0100
commit: efb694ecad3ee83d013794f3de66eae625c49f88 (patch)
tree: dd6b6dfdf40ce189b74cbbefbb870e31fa03c8f5 /Servers
parent: 6c752c15a2a7d25773f0b2fec2ac4588e8d3c74a (diff)
download: serenity-efb694ecad3ee83d013794f3de66eae625c49f88.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/Servers/WebServer/main.cpp b/Servers/WebServer/main.cpp
index 36a207309c..6c63c1244e 100644
--- a/Servers/WebServer/main.cpp
+++ b/Servers/WebServer/main.cpp
@@ -1,12 +1,19 @@
 #include "Client.h"
 #include <LibCore/EventLoop.h>
 #include <LibCore/TCPServer.h>
+#include <stdio.h>
+#include <unistd.h>
 
 int main(int argc, char** argv)
 {
     (void)argc;
     (void)argv;
 
+    if (pledge("stdio accept rpath inet unix cpath fattr", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     Core::EventLoop loop;
 
     auto server = Core::TCPServer::construct();
@@ -19,5 +26,18 @@ int main(int argc, char** argv)
     };
 
     server->listen({}, 8000);
+
+    if (unveil("/www", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    unveil(nullptr, nullptr);
+
+    if (pledge("stdio accept rpath", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     return loop.exec();
 }
author	Andreas Kling <kling@serenityos.org>	2020-02-09 12:09:40 +0100
committer	Andreas Kling <kling@serenityos.org>	2020-02-09 14:15:55 +0100
commit	efb694ecad3ee83d013794f3de66eae625c49f88 (patch)
tree	dd6b6dfdf40ce189b74cbbefbb870e31fa03c8f5 /Servers
parent	6c752c15a2a7d25773f0b2fec2ac4588e8d3c74a (diff)
download	serenity-efb694ecad3ee83d013794f3de66eae625c49f88.zip