The OpenBSD security Unveil explained: with a practical C programming demo

  • Published on 3 Oct 2024
  • Let's explore #OpenBSD #Unveil security feature and write some C code to utilize it.

Comments • 14

  • @TheOpenBSDguy  1 year ago +6

    * Unveil syscall first appeared in OpenBSD 6.4

  • @stellarorbit1341 1 year ago +6

    Now this was a good video. I loved it. Thanks!

  • @iamthenotbenamed365 several months ago

    thanks Brother,
    short vids on subjects really help ...

  • @therealchonk 1 year ago +10

    You made a few minor mistakes:
    1. It doesn't make sense to call unveil(NULL, NULL) at the end of your program, since it has no effect afterwards.
    2. char buffer[buffer_size] is a variable-length array.
    You should have declared buffer_size as a macro or just used a literal value.
    Not even using `const int` would help as `const` doesn't mean constant, but read-only.
    In practice the compiler (if it supports it) optimizes it away, but please don't use VLAs.
    Btw you can use `sizeof buffer` instead of a variable.
    3. You shouldn't put a '\n' at the end of perror()'s string.
    4. Another minor gripe. Use puts() instead of printf(), if you're not formatting strings.
    In practice the compiler usually does it for you, but for correctness just use puts().
    Hint for the future:
    unveil() has to be called _before_ pledge().
    Otherwise you must pledge to unveil.
    I found it out the ugly way :>
    Btw I have written an lsblk(8) implementation for OpenBSD, if you're interested: git.stuerz.xyz/openbsd/lsblk
    I'm gonna try to submit a port for it in the next days/weeks.

    • @TheOpenBSDguy  1 year ago +4

      Thanks for hints, will keep in mind for future demos. In my defense I am not a C developer and last time I wrote any sensible C code was 10+ years ago 🙂

    • @ReptilianXHologram 1 year ago +1

      Can you write the correct way (with the suggestions you just made) to do it and link it below?

  • @quitting_the_internet 1 year ago +1

    this is the type of video i love. make sure to follow the style(9) when writing c in the OpenBSD.

  • @ilyes_aiouaz 1 year ago +2

    Thanks for the share.

  • @m0zah 1 year ago

    Great video, thanks for sharing.

  • @KINOADVISOR 1 year ago +1

    Hi mate, first of all thank you for your videos.
    Also I would like to ask you if it is possible to use OpenBSD on a Mac without an M1+ chip and also switch OS between Windows 10 and OpenBSD or macOS and OpenBSD?

  • @usernamejp 1 year ago +1

    Is there any difference between pledge and unveil, or do they do the same thing?

    • @clehaxze 1 year ago +7

      unveil is a whitelist of paths and permissions. And pledge is a whitelist of system calls you can do.
      You use unveil to stop unwanted access to files and directories. Like only allow access to the application's config folder.
      And use pledge to stop the application doing what it has no business to. Like stopping a text processor from making networking calls.
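
The corrections listed in the comments above and the unveil/pledge split described in this reply, put together as an added example. It is not the video's code and not written by any commenter. The function names and the paths /etc/myname and /var/run/dmesg.boot are assumptions, and the shims under `#ifndef __OpenBSD__` exist only so the file compiles on other systems, where nothing is enforced.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define BUFFER_SIZE 256		/* a macro, so buffer[] below is not a VLA */
#ifndef __OpenBSD__
/* Constructed shims so the file compiles elsewhere; they enforce nothing. */
static int unveil(const char *p, const char *f) { (void)p; (void)f; return 0; }
static int pledge(const char *p, const char *e) { (void)p; (void)e; return 0; }
#endif

/* Allow read-only access below dir, lock the unveil list, then pledge. */
int sandbox_readonly(const char *dir)
{
	if (unveil(dir, "r") == -1 || unveil(NULL, NULL) == -1) {
		perror("unveil");	/* no trailing '\n': perror adds it */
		return -1;
	}
	/* pledge() comes after unveil(): these promises omit "unveil". */
	if (pledge("stdio rpath", NULL) == -1) {
		perror("pledge");
		return -1;
	}
	return 0;
}

/* Copy the first line of path into buf; return its length, or -1. */
int read_first_line(const char *path, char *buf, size_t size)
{
	FILE *fp = fopen(path, "r");	/* fails outside the unveiled tree */
	if (fp == NULL)
		return -1;
	if (fgets(buf, (int)size, fp) == NULL)
		buf[0] = '\0';
	fclose(fp);
	buf[strcspn(buf, "\n")] = '\0';
	return (int)strlen(buf);
}

int main(void)
{
	char buffer[BUFFER_SIZE];
	if (sandbox_readonly("/etc") == -1)
		return 1;
	if (read_first_line("/etc/myname", buffer, sizeof buffer) >= 0)
		puts(buffer);			/* puts(): nothing to format */
	if (read_first_line("/var/run/dmesg.boot", buffer, sizeof buffer) == -1)
		perror("/var/run/dmesg.boot");	/* ENOENT: path was never unveiled */
	return 0;
}
```
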

  • @illegalcoding 1 year ago

    Could you share your vim and bash config files?