On Wed, Apr 27, 2016 at 12:01:17AM -0700, steve latif wrote:
> Updated diff:
> Added proc to the pledge list to deal with the system() in html.c

semarie's test case is still broken with the new patch (exec promise missing).

> I missed system() as it's not mentioned in the man page for pledge(2)
> Including a second diff to add system() to the man page.
>
> I wrote a script to test out different combinations of command line options.
> I went through the output of nm, readelf and the source code.
> steve
>
>
> On Sun, Apr 24, 2016 at 12:36 AM, Sebastien Marie <sema...@openbsd.org> wrote:
> > On Sat, Apr 23, 2016 at 08:40:55PM +0200, David Dahlberg wrote:
> >>
> >> Attached is a patch that has a first pledge after setlocale, and a
> >> second call the command line parsing, which removes write access.
> >
> > for me, the first pledge call is superfluous: it didn't really add gain
> > to the program.
> >
> > pledging ports should be kept as simple diffs: it will be more simple later
> > for merging with port updates (because all the checks should be redone
> > in case of feature additions or changes...)
> >
> >> I bid somebody with better C skills in using debuggers and reading
> >> symbols than me to check, whether this should be sufficient. Steve,
> >> didn't you volunteer? ;-)
> >
> > I already pointed system(3) call in html.c (requiring "proc exec").
> >
> > $ tree -R -L 2 -H .
> > Abort trap (core dumped)
> >
> > the system(3) call occurs with the combination of these 3 options. It is
> > why dynamic approach is really hard to be exhaustive.
> >
> >
> > Please don't send patches if you aren't confident in your pledge
> > promises: devs will not have time to check and review all the code to be
> > sure that promises you pledge are good.
> >
> > Consider also that once bad promises are committed, the port could
> > become unusable for other users, and the problem could be more
> > important if it isn't caught in -current and bad promises go to
> > -stable (more work for devs). And users of the port will be angry about
> > pledge(2) and you.
> > -- > > Sebastien Marie > > > Index: patches/patch-tree_c > =================================================================== > RCS file: patches/patch-tree_c > diff -N patches/patch-tree_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-tree_c 27 Apr 2016 05:47:44 -0000 > @@ -0,0 +1,15 @@ > +$OpenBSD$ > +--- tree.c.orig Wed Apr 23 14:38:24 2014 > ++++ tree.c Sun Apr 24 22:31:03 2016 > +@@ -103,6 +103,11 @@ int main(int argc, char **argv) > + dirs[0] = 0; > + Level = -1; > + > ++ if (pledge("stdio rpath cpath wpath proc", NULL) == -1){ > ++ fprintf(stderr, "%s: pledge\n", argv[0]); > ++ exit(1); > ++ } > ++ > + setlocale(LC_CTYPE, ""); > + setlocale(LC_COLLATE, ""); > + > Index: pledge.2 > =================================================================== > RCS file: /cvs/src/lib/libc/sys/pledge.2,v > retrieving revision 1.32 > diff -u -p -r1.32 pledge.2 > --- pledge.2 13 Apr 2016 14:24:30 -0000 1.32 > +++ pledge.2 27 Apr 2016 03:20:10 -0000 > @@ -438,7 +438,8 @@ Allows the following process relationshi > .Xr setpriority 2 , > .Xr setrlimit 2 , > .Xr setpgid 2 , > -.Xr setsid 2 . > +.Xr setsid 2 , > +.Xr system 3 . > .It Va "exec" > Allows a process to call > .Xr execve 2 .
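Review bot: The promise string in the pledge() call added to main() in tree.c, "stdio rpath cpath wpath proc", has no "exec", while the thread states that the system(3) call in html.c requires "proc exec", so the reported `tree -R -L 2 -H .` case is not covered. Either add "exec" to the string or replace the system() call in html.c so that neither "proc" nor "exec" is needed, and re-run that exact command before resending. The call also sits before setlocale() and option parsing, so "cpath wpath" remain granted for every invocation; a short comment naming the code path that needs each promise would make the set reviewable.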
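Review bot: The `.Xr system 3 .` line added to the "proc" list in pledge.2 documents system(3) as if "proc" alone permitted it, but the next item in the same hunk shows that execve(2) is gated by "exec", and the thread states system(3) needs "proc exec". The surrounding entries (`setpriority 2`, `setrlimit 2`, `setpgid 2`, `setsid 2`) are all section 2 system calls, so a section 3 library function does not fit this list. Drop the addition, or propose separate wording that says system(3) requires both "proc" and "exec".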