AsiaBSDCon 2017 Secure CGI

Database example with pledge() sandbox

Database example with pledge() sandbox

    1 /* Title: Database example with pledge() sandbox */
    2 
    3 #include <err.h>
    4 #include <inttypes.h>
    5 #include <stdlib.h>
    6 #include <stdio.h>
    7 #include <unistd.h>
    8 
    9 #include <ksql.h>
   10 
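/*
 * CGI entry point: bump the counter in the "hits" table of simple.db,
 * read it back, and emit it in a minimal CGI response.
 *
 * The process is sandboxed in two stages with pledge(2): a first set of
 * promises wide enough for the database work, then "stdio" only while
 * the response is written.
 *
 * Every ksql call that reports a status is checked.
 * On failure the program exits non-zero before any header is printed,
 * so a database error is never reported to the client as "200 OK" with
 * a meaningless counter.
 * Diagnostics go to stderr via errx(3), not into the response body.
 * NOTE(review): depending on the ksql version and configuration, the
 * library may already exit on error by itself; the explicit checks do
 * not rely on that -- confirm against the installed ksql(3).
 */
int
main(void)
{
	struct ksql	*sql;
	struct ksqlstmt	*stmt;
	const char	*failed;
	int64_t		 hits;

	/* 
	 * If only these files were in /tmp.
	 * Then we'd be able to use tmppath.
	 *
	 * Instead the database phase needs general file-system
	 * promises: rpath/wpath to read and write the database,
	 * cpath to create and remove files (presumably SQLite's
	 * journal next to simple.db) and flock for file locking.
	 * The sandbox is entered before anything else runs.
	 */

	if (-1 == pledge("stdio cpath rpath wpath flock", NULL))
		err(EXIT_FAILURE, NULL);

	if (NULL == (sql = ksql_alloc(NULL)))
		errx(EXIT_FAILURE, "ksql_alloc");

	failed = "ksql_open: simple.db";
	if (KSQL_OK != ksql_open(sql, "simple.db"))
		goto fail_sql;

	/*
	 * Both statements are constant strings with no request data
	 * in them; a query that takes input should pass it through
	 * the ksql_bind_*() functions, never by building the string.
	 */

	failed = "UPDATE hits";
	if (KSQL_OK != ksql_stmt_alloc(sql, &stmt, 
	    "UPDATE hits SET hits=hits+1", 0))
		goto fail_sql;
	/* An UPDATE yields no rows: success is KSQL_DONE. */
	if (KSQL_DONE != ksql_stmt_step(stmt))
		goto fail_stmt;
	ksql_stmt_free(stmt);

	failed = "SELECT hits";
	if (KSQL_OK != ksql_stmt_alloc(sql, &stmt, 
	    "SELECT hits FROM hits", 0))
		goto fail_sql;
	/* Only read column 0 if a row is really there (empty table). */
	if (KSQL_ROW != ksql_stmt_step(stmt))
		goto fail_stmt;
	hits = ksql_stmt_int(stmt, 0);
	ksql_stmt_free(stmt);
	/* The counter is already in hand; a close status is not acted on. */
	ksql_free(sql);

	/* No need for any more privileges. */

	if (-1 == pledge("stdio", NULL))
		err(EXIT_FAILURE, NULL);

	/*
	 * puts(3) appends '\n', so each header line ends in "\r\n".
	 * The only dynamic value in the body is an integer, so there
	 * is nothing to HTML-escape here.
	 */
	puts("Status: 200 OK\r");
	puts("Content-Type: text/html\r");
	puts("\r");
	printf("Hello, world: %" PRId64 "\n", hits);
	return(EXIT_SUCCESS);

fail_stmt:
	/* Reached only with a successfully allocated statement. */
	ksql_stmt_free(stmt);
fail_sql:
	/* Close the database before exiting, then report to stderr. */
	ksql_free(sql);
	errx(EXIT_FAILURE, "%s", failed);
}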
gcc -I/usr/local/include -static -o database-pledge database-pledge.c -L/usr/local/lib -lksql -lsqlite3