Utilities: Add "pledge" utility for launching a sandboxed command

This new command allows you to run any command with an initial set
of pledge promises.

Note that dynamically linked executables won't be able to bootstrap
without at least "stdio rpath prot_exec".

Inspired by http://justine.lol/pledge/ :^)

2 files changed, 25 insertions, 0 deletions

diff --git a/Userland/Utilities/CMakeLists.txt b/Userland/Utilities/CMakeLists.txt
index a90eec5537..f3b51a1115 100644
--- a/Userland/Utilities/CMakeLists.txt
+++ b/Userland/Utilities/CMakeLists.txt
@@ -175,6 +175,7 @@ target_link_libraries(pathchk LibMain)
 target_link_libraries(pgrep LibRegex LibMain)
 target_link_libraries(pidof LibMain)
 target_link_libraries(ping LibMain)
+target_link_libraries(pledge LibMain)
 target_link_libraries(pls LibCrypt LibMain)
 target_link_libraries(pmap LibMain)
 target_link_libraries(pmemdump LibMain)
diff --git a/Userland/Utilities/pledge.cpp b/Userland/Utilities/pledge.cpp
new file mode 100644
index 0000000000..d54892dbab
--- /dev/null
+++ b/Userland/Utilities/pledge.cpp
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2022, Andreas Kling <kling@serenityos.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <LibCore/ArgsParser.h>
+#include <LibCore/System.h>
+#include <LibMain/Main.h>
+
+ErrorOr<int> serenity_main(Main::Arguments arguments)
+{
+    StringView promises;
+    Vector<StringView> command;
+
+    Core::ArgsParser args_parser;
+    args_parser.add_option(promises, "Space-separated list of pledge promises", "promises", 'p', "promises");
+    args_parser.add_positional_argument(command, "Command to execute", "command");
+    args_parser.parse(arguments);
+
+    TRY(Core::System::pledge(StringView(), promises));
+    TRY(Core::System::exec(command[0], command.span(), Core::System::SearchInPath::Yes));
+    return 0;
+}