statzone

DNS zone file analyzer targeted at TLD zones

commit fdc62e8933bce306625d4a3a00c76731e0a62598
parent 2edc8d3141a4c6247b30f05af862f1b4b530fd41
Author: Frederic Cambus <fred@statdns.com>
Date:   Wed, 31 Mar 2021 14:36:48 +0200

Remove pledge() support and get rid of the compat directory entirely.

Diffstat:
MCMakeLists.txt | 13+------------
MREADME.md | 9++++-----
Dcompat/compat.hpp | 8--------
Dcompat/pledge.cpp | 7-------
Dcompat/pledge.hpp | 1-
Msrc/statzone.cpp | 7+------
6 files changed, 6 insertions(+), 39 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -4,7 +4,7 @@
 # https://www.statdns.com
 #
 # Created: 2012-02-13
-# Last Updated: 2021-03-30
+# Last Updated: 2021-03-31
 #
 # StatZone is released under the BSD 2-Clause license
 # See LICENSE file for details.
@@ -21,10 +21,6 @@ include(GNUInstallDirs)
 set(ENABLE_SECCOMP 0 CACHE BOOL "Enable building with seccomp")
-# Check if system has pledge
-list(APPEND CMAKE_REQUIRED_DEFINITIONS -D_OPENBSD_SOURCE)
-check_function_exists(pledge HAVE_PLEDGE)
-
 if(ENABLE_SECCOMP)
 # Check if system has seccomp
 message(STATUS "Looking for seccomp")
@@ -37,15 +33,8 @@ if(ENABLE_SECCOMP)
 endif()
 endif(ENABLE_SECCOMP)
-# Additional include directories for compat functions
-include_directories("compat")
-
 set(SRC src/statzone.cpp src/strtolower.cpp)
-if(NOT HAVE_PLEDGE)
- set (SRC ${SRC} compat/pledge.cpp)
-endif()
-
 add_definitions(-Wall -Wextra -std=c++11 -pedantic)
 add_executable(statzone ${SRC})
diff --git a/README.md b/README.md
@@ -8,11 +8,10 @@ domains, and total number of domains. It is currently used to generate TLD Zone File Statistics on [StatDNS][1].
-StatZone is written with security in mind and is running sandboxed on OpenBSD
-(using pledge). Experimental seccomp support is available for selected
-architectures and can be enabled by setting the `ENABLE_SECCOMP` variable
-to `1` when invoking CMake. It has also been extensively fuzzed using AFL
-and Honggfuzz.
+StatZone is written with security in mind, and has also been extensively
+fuzzed using AFL and Honggfuzz. Experimental seccomp support is available
+for selected architectures and can be enabled by setting the `ENABLE_SECCOMP`
+variable to `1` when invoking CMake.
 ## Dependencies
diff --git a/compat/compat.hpp b/compat/compat.hpp
@@ -1,8 +0,0 @@
-#ifndef COMPAT_HPP
-#define COMPAT_HPP
-
-#ifndef HAVE_PLEDGE
-#include "pledge.hpp"
-#endif
-
-#endif /* COMPAT_HPP */
diff --git a/compat/pledge.cpp b/compat/pledge.cpp
@@ -1,7 +0,0 @@
-int
-pledge(const char *promises, const char *execpromises)
-{
- (void)promises;
- (void)execpromises;
- return 0;
-}
diff --git a/compat/pledge.hpp b/compat/pledge.hpp
@@ -1 +0,0 @@
-int pledge(const char *, const char *);
diff --git a/src/statzone.cpp b/src/statzone.cpp
@@ -4,7 +4,7 @@
 * https://www.statdns.com
 *
 * Created: 2012-02-13
- * Last Updated: 2021-03-30
+ * Last Updated: 2021-03-31
 *
 * StatZone is released under the BSD 2-Clause license
 * See LICENSE file for details.
@@ -27,7 +27,6 @@
 #include "seccomp.h"
 #endif
-#include "compat.hpp"
 #include "config.hpp"
 #include "strtolower.hpp"
@@ -80,10 +79,6 @@ main(int argc, char *argv[])
 FILE *zonefile;
- if (pledge("stdio rpath", NULL) == -1) {
- err(EXIT_FAILURE, "pledge");
- }
-
 #ifdef HAVE_SECCOMP
 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
 perror("Can't initialize seccomp");
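Review bot: In the last hunk, `main()` now goes from `FILE *zonefile;` straight to the `#ifdef HAVE_SECCOMP` block, so with `ENABLE_SECCOMP` defaulting to 0 in CMakeLists.txt a default build reads its input with no privilege restriction on any platform, OpenBSD included. The deleted compat shim only returned 0, so removing compat/ costs nothing elsewhere, but on OpenBSD the removed `pledge("stdio rpath", NULL)` was a real restriction and the commit message gives no reason for dropping it. If the aim is only to retire the compat directory, the call could stay behind a platform guard: `#ifdef __OpenBSD__` before the original `if (pledge("stdio rpath", NULL) == -1) { err(EXIT_FAILURE, "pledge"); }` and `#endif` after it, which needs neither the shim nor the `check_function_exists(pledge HAVE_PLEDGE)` probe removed from CMakeLists.txt. The body of `main()` starts and ends outside the hunk.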