I have in progress a port of browserpass-native, a Native Messaging host
in Go for the Browserpass browser extension, that works with
security/password-store, the Pass password manager.
This survived unchanged a previous upgrade from OpenBSD 7.7 to 7.8, but
after the upgrade to 7.9 the browserpass-native process is aborted with
what I eventually found is a pledge violation, a wpath syscall that was
not present before. Tracing revealed that the main process is trying to
open /dev/null with O_WRONLY, before forking a gpg subprocess.
This was fixed by adding wpath to the pledge promises with a patch, but
I am curious about the change: Go itself was upgraded from 1.25 to 1.26
with the 7.9 upgrade, but I can't find any relevant changes in the way
it execs subprocesses. The browserpass-native port was unchanged. Were
there any recent changes to pledge with 7.9 that might be behind it?
Chris
- WIP security/browserpass-native: changes to pledge/Go in ... Chris Billington
-
