// Copyright 2023 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

//go:build unix

package runtime

func secure() {
	initSecureMode()

	if !isSecureMode() {
		return
	}

	// When secure mode is enabled, we do two things:
	//   1. ensure the file descriptors 0, 1, and 2 are open, and if not open them,
	//      pointing at /dev/null (or fail)
	//   2. enforce specific environment variable values (currently we only force
	//		GOTRACEBACK=none)
	//
	// Other packages may also disable specific functionality when secure mode
	// is enabled (determined by using linkname to call isSecureMode).
	//
	// NOTE: we may eventually want to enforce (1) regardless of whether secure
	// mode is enabled or not.

	secureFDs()
	secureEnv()
}

func secureEnv() {
	var hasTraceback bool
	for i := 0; i < len(envs); i++ {
		if hasPrefix(envs[i], "GOTRACEBACK=") {
			hasTraceback = true
			envs[i] = "GOTRACEBACK=none"
		}
	}
	if !hasTraceback {
		envs = append(envs, "GOTRACEBACK=none")
	}
}

func secureFDs() {
	const (
		// F_GETFD and EBADF are standard across all unixes, define
		// them here rather than in each of the OS specific files
		F_GETFD = 0x01
		EBADF   = 0x09
	)

	devNull := []byte("/dev/null\x00")
	for i := 0; i < 3; i++ {
		ret, errno := fcntl(int32(i), F_GETFD, 0)
		if ret >= 0 {
			continue
		}
		if errno != EBADF {
			print("runtime: unexpected error while checking standard file descriptor ", i, ", errno=", errno, "\n")
			throw("cannot secure fds")
		}

		if ret := open(&devNull[0], 2 /* O_RDWR */, 0); ret < 0 {
			print("runtime: standard file descriptor ", i, " closed, unable to open /dev/null, errno=", errno, "\n")
			throw("cannot secure fds")
		} else if ret != int32(i) {
			print("runtime: opened unexpected file descriptor ", ret, " when attempting to open ", i, "\n")
			throw("cannot secure fds")
		}
	}
}