From efb694ecad3ee83d013794f3de66eae625c49f88 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Sun, 9 Feb 2020 12:09:40 +0100
Subject: [PATCH] WebServer: Tighten things up with pledge() and unveil()

---
 Servers/WebServer/main.cpp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/Servers/WebServer/main.cpp b/Servers/WebServer/main.cpp
index 36a207309c..6c63c1244e 100644
--- a/Servers/WebServer/main.cpp
+++ b/Servers/WebServer/main.cpp
@@ -1,12 +1,19 @@
 #include "Client.h"
 #include <LibCore/EventLoop.h>
 #include <LibCore/TCPServer.h>
+#include <stdio.h>
+#include <unistd.h>
 
 int main(int argc, char** argv)
 {
     (void)argc;
     (void)argv;
 
+    if (pledge("stdio accept rpath inet unix cpath fattr", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     Core::EventLoop loop;
 
     auto server = Core::TCPServer::construct();
@@ -19,5 +26,18 @@ int main(int argc, char** argv)
     };
 
     server->listen({}, 8000);
+
+    if (unveil("/www", "r") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
+    unveil(nullptr, nullptr);
+
+    if (pledge("stdio accept rpath", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     return loop.exec();
 }