author: Leah Rowe <leah@libreboot.org> 2023-05-31 08:53:08 +0100
committer: Leah Rowe <leah@libreboot.org> 2023-05-31 08:53:08 +0100
commit: 78fc89352b23571f6bf4d7ef7e9f4a464dfe373c
tree: 1fff778b80044a53fb8aa9c0579daa20eb7daf14 /blobs
parent: c2cd191676f5b491324d29484148c557dad548a5
util/nvmutil: Use unveil, and harden pledges

After /dev/urandom (for MAC address randomisation) and the GbE file have been handled, unveil them.

Unveil is a system call provided by OpenBSD that, when called, restricts access only to the files and/or directories specified, each given specific permissions.

You can learn more about unveil here: https://man.openbsd.org/unveil.2

An ifdef rule makes nvmutil only use unveil on OpenBSD, because it's not available anywhere else. This is the same as with the pledge() system call.

Where invalid arguments are given, and no action performed, pledge promises are also reduced to just stdio, preventing any writes to files, or reads from files.

Signed-off-by: Leah Rowe <leah@libreboot.org>

Diffstat (limited to 'blobs')
0 files changed, 0 insertions, 0 deletions
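
The pattern the commit message describes, as an added sketch that is not nvmutil's own code: unveil the two files, lock the unveil list, pledge the minimum promises, and fall back to `stdio` alone when the arguments are invalid. The function names, the `tool FILE dump|setmac` command line, the exit codes and the promise strings are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Expose only the two files the tool needs, then lock the policy. */
static int restrict_fs(const char *gbe, int writable)
{
#ifdef __OpenBSD__
	if (unveil("/dev/urandom", "r") == -1 ||
	    unveil(gbe, writable ? "rw" : "r") == -1 ||
	    unveil(NULL, NULL) == -1) /* no further unveil() calls allowed */
		return -1;
	return pledge(writable ? "stdio rpath wpath" : "stdio rpath", NULL);
#else
	(void)gbe; (void)writable; /* pledge/unveil exist only on OpenBSD */
	return 0;
#endif
}

/* Nothing to do: give up all file access, keep stdio for the message. */
static int stdio_only(void)
{
#ifdef __OpenBSD__
	return pledge("stdio", NULL);
#else
	return 0;
#endif
}

/* Hypothetical CLI: tool FILE dump|setmac. Returns 0 ok, 1 usage, 2 error. */
int run_tool(int argc, char **argv)
{
	unsigned char mac[6];
	int writable, gfd, rfd, ok;
	if (argc != 3) {
		if (stdio_only() == -1) return 2;
		fprintf(stderr, "usage: tool FILE dump|setmac\n");
		return 1;
	}
	writable = strcmp(argv[2], "dump") != 0;
	if (restrict_fs(argv[1], writable) == -1) return 2;
	gfd = open(argv[1], writable ? O_RDWR : O_RDONLY);
	rfd = open("/dev/urandom", O_RDONLY);
	ok = gfd != -1 && rfd != -1 && read(rfd, mac, sizeof(mac)) == (ssize_t)sizeof(mac);
	if (gfd != -1) close(gfd);
	if (rfd != -1) close(rfd);
	return ok ? 0 : 2;
}
int main(int argc, char **argv) { return run_tool(argc, argv); }
```

On systems other than OpenBSD both helpers compile to no-ops, so the same source builds everywhere while the restrictions apply only where the kernel supports them.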