
> This means no checking for OpenBSD specifically but instead feature sniffing for their presence.

Indeed it sniffs for any functions named pledge() and unveil() that exist in any library loaded into the process… and then assumes that, if they exist, they have not only the same purpose but also the exact same signatures as the corresponding functions from OpenBSD. ctypes cannot validate function signatures, so if they have different signatures, you get undefined behavior. I wouldn’t recommend this approach.



Just ask OpenBSD to provide a pledge_sig and unveil_sig that simply return a C string where each character is the type of the corresponding argument.

E.g., if pledge_sig returns "ss" you know you're dealing either with the bona fide OpenBSD pledge or an evil demon.


What would be the right way to do it? A plain old Python C extension?


Or using API-mode cffi, which basically does that for you, though it’s still not quite safe; you can combine `cdef` and `set_source` to re-export exactly what you’re looking for. `set_source` will basically create an intermediate module under your control.

Sadly AFAIK you always need a `cdef` which defines the binding between Python and C, I don’t think you can tell cffi to get this information from a real header file. But by providing a custom source you can more easily ensure the `cdef` and the function for it match correctly, with `set_source` bridging to the real underlying functions.

One drawback of using API-level CFFI is it requires a C compiler (and probably all sorts of dev packages / headers), whereas ABI-level use doesn’t.


I would check to make sure I was running on an OpenBSD system first before anything else.

You could use sys.platform()

https://docs.python.org/3/library/sys.html#sys.platform


> I would check to make sure I was running on an OpenBSD system first before anything else.

But SerenityOS has pledge and unveil too.

https://awesomekling.github.io/pledge-and-unveil-in-Serenity...

Dunno if Python runs on SerenityOS or not yet tho


Not wanting to tie it to OpenBSD only was the reason he chose feature sniffing. From the article:

> "Systems other than OpenBSD may support these functions, now or in the future, and it would be nice to automatically make use of them when available. This means no checking for OpenBSD specifically but instead feature sniffing for their presence."


That's a good point. But I would still include a check for OSes that I know support it. This means it wouldn't work on OSes without first explicitly allowing it.

I view this as a feature and not a bug. There's a good chance there are other things to consider when a new OS adds pledge or unveil, and this gives the developer a chance to test support on the new OS before anyone uses it.

Basically, I disagree with the article that you want to implement this in Python in a completely OS agnostic manner.


Make "failed to find `pledge` function" a hard error on OSes known to have it.
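
The allowlist and hard-error suggestions from the comments above, combined with explicit ctypes signatures, as an added example that is not code from the thread or the linked article. It assumes OpenBSD's `int pledge(const char *promises, const char *execpromises)` signature; `KNOWN_PLATFORMS`, `resolve_libc_symbol` and `bind_pledge` are hypothetical names.

```python
import ctypes
import ctypes.util
import os
import sys

# Assumption: platforms the developer has actually tested.
# sys.platform on OpenBSD carries a version suffix (e.g. "openbsd7").
KNOWN_PLATFORMS = ("openbsd",)


def resolve_libc_symbol(name):
    """Return the named function from the C library, or None if absent."""
    libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
    return getattr(libc, name, None)


def bind_pledge(platform=sys.platform, resolve=resolve_libc_symbol):
    """Return a pledge() wrapper, or None on platforms not on the allowlist."""
    if not platform.startswith(KNOWN_PLATFORMS):
        # Unknown OS: a symbol that happens to be named "pledge" is not
        # trusted, because ctypes cannot check its real signature.
        return None
    func = resolve("pledge")
    if func is None:
        # Known OS but no symbol: fail loudly instead of running unsandboxed.
        raise RuntimeError("failed to find pledge function on " + platform)
    # Declaring the types makes ctypes reject wrong Python arguments; it does
    # not verify the C function, which is why the allowlist comes first.
    func.argtypes = (ctypes.c_char_p, ctypes.c_char_p)
    func.restype = ctypes.c_int

    def encode(value):
        return None if value is None else value.encode()

    def pledge(promises, execpromises=None):
        if func(encode(promises), encode(execpromises)) != 0:
            err = ctypes.get_errno()
            raise OSError(err, os.strerror(err))

    return pledge


if __name__ == "__main__":
    pledge = bind_pledge()
    if pledge is None:
        print("pledge not enabled on", sys.platform)
    else:
        pledge("stdio rpath")
```
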



