On Sat, May 05 2018, Klemens Nanni <[email protected]> wrote:
> It's still running with prot_exec due to security/cyrus-sasl2, but that's
> subject to change in an updated diff once I've fiddled with multiple
> accounts and different `AuthMechs' configurations.
>
> The diff is relatively straightforward, but I'm happy to hear feedback
> from you. Make sure to include the relevant trace lines if mbsync gets
> killed:
>
> $ ktrace -di -- mbsync -a
> $ kdump
>
> Adding myself as MAINTAINER and dropping `-g' from CFLAGS since it's
> already handled through DEBUG.
>
> Feedback? OK?
I think so far most pledge calls are done with string literals rather
than one string modified according to what the program needs.
In the base tree, it seems that only getent(1) uses a non-literal as
pledge(2) argument, but the underlying string is still not mutable.
Searching the ports tree using grep -sER 'pledge\([^2")]':
--8<--
russell /usr/ports$ grep -sER 'pledge\([^2")]' !(distfiles)
devel/rgbds/patches/patch-src_asm_main_c:+int pledge(const char *, const char
*);
devel/rgbds/patches/patch-src_fix_main_c:+int pledge(const char *, const char
*);
devel/rgbds/patches/patch-src_gfx_main_c:+int pledge(const char *, const char
*);
devel/rgbds/patches/patch-src_link_main_c:+int pledge(const char *, const char
*);
mail/isync/patches/patch-src_main_c:+ if (pledge(main_promises, NULL) == -1)
mail/isync/patches/patch-src_main_c:+ if (pledge(main_promises, NULL)
== -1)
mail/isync/patches/patch-src_main_c:+ if (pledge(main_promises, NULL)
== -1)
security/hitch/patches/patch-src_hitch_c:+ if
(pledge(work_promises, NULL) == -1)
security/hitch/patches/patch-src_hitch_c:+ if
(pledge(ocsp_promises, NULL) == -1)
security/hitch/patches/patch-src_hitch_c:+ if
(pledge(main_promises, NULL) == -1)
textproc/ripgrep/patches/patch-src_main_rs:+ fn pledge(promises: *const
libc::c_char, execpromises: *const libc::c_char) -> libc::c_int;
textproc/ripgrep/patches/patch-src_main_rs:+ if unsafe {
pledge(promises.as_ptr(), execpromises) } == -1 {
-->8--
hitch and isync would be the first programs to use this pattern.
I'm not sure it makes it easier to *think* about promises made in
a program, and I don't see a reason to go down that road.
The MAINTAINER and CONFIGURE_ENV bits are ok jca@
Looks like the license marker ought to be GPLv2+.
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/isync/Makefile,v
> retrieving revision 1.33
> diff -u -p -r1.33 Makefile
> --- Makefile 17 Nov 2017 00:22:39 -0000 1.33
> +++ Makefile 5 May 2018 20:45:15 -0000
> @@ -3,14 +3,19 @@
> COMMENT= synchronize IMAP4 and maildir mailboxes
>
> DISTNAME= isync-1.3.0
> +REVISION= 0
> +
> CATEGORIES= mail
> MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=isync/}
>
> HOMEPAGE= http://isync.sourceforge.net/
>
> +MAINTAINER= Klemens Nanni <[email protected]>
> +
> # GPLv2
> PERMIT_PACKAGE_CDROM= Yes
>
> +# uses pledge()
> WANTLIB= c crypto db sasl2 ssl z
>
> COMPILER= base-clang ports-clang ports-gcc
> @@ -20,7 +25,7 @@ LIB_DEPENDS= databases/db/v4 \
>
> SEPARATE_BUILD= Yes
> CONFIGURE_STYLE= gnu
> -CONFIGURE_ENV+= CFLAGS="${CFLAGS} -I${LOCALBASE}/include/db4
> -g" \
> +CONFIGURE_ENV+= CFLAGS="${CFLAGS} -I${LOCALBASE}/include/db4" \
> CPPFLAGS="-I${LOCALBASE}/include" \
> LDFLAGS="-L${LOCALBASE}/lib"
>
> Index: patches/patch-src_drv_imap_c
> ===================================================================
> RCS file: patches/patch-src_drv_imap_c
> diff -N patches/patch-src_drv_imap_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_drv_imap_c 5 May 2018 20:45:15 -0000
> @@ -0,0 +1,23 @@
> +$OpenBSD$
> +
> +Index: src/drv_imap.c
> +--- src/drv_imap.c.orig
> ++++ src/drv_imap.c
> +@@ -41,6 +41,8 @@
> + # include <sasl/saslutil.h>
> + #endif
> +
> ++extern int needs_proc_exec;
> ++
> + #ifdef HAVE_LIBSSL
> + enum { SSL_None, SSL_STARTTLS, SSL_IMAPS };
> + #endif
> +@@ -3267,6 +3269,8 @@ imap_parse_store( conffile_t *cfg, store_conf_t **stor
> + }
> + acc_opt = 1;
> + }
> ++ if (server->sconf.tunnel || server->pass_cmd)
> ++ needs_proc_exec = 1;
> + if (store)
> + type = "IMAP store", name = store->gen.name;
> + else
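Review bot: The `extern int needs_proc_exec;` added near the top of src/drv_imap.c is declared by hand instead of through a header shared with src/main.c, so the compiler cannot check it against the definition. Since this flag decides whether `proc` and `exec` are dropped, I would declare it once in a header that both files include. The flag is also set only in imap_parse_store(), for `tunnel` and `pass_cmd`. If any other configured feature spawns a process (not visible in this hunk), mbsync would be killed after the later pledge, so once that is confirmed a comment such as `/* tunnel and pass_cmd are the only fork/exec users */` above the assignment would help. imap_parse_store() starts and ends outside the hunk.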
> Index: patches/patch-src_main_c
> ===================================================================
> RCS file: patches/patch-src_main_c
> diff -N patches/patch-src_main_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_main_c 5 May 2018 20:45:15 -0000
> @@ -0,0 +1,70 @@
> +$OpenBSD$
> +
> +Index: src/main.c
> +--- src/main.c.orig
> ++++ src/main.c
> +@@ -120,6 +120,26 @@ PACKAGE " " VERSION " - mailbox synchronizer\n"
> + exit( code );
> + }
> +
> ++int needs_proc_exec = 0;
> ++char main_promises[] = "stdio rpath wpath cpath inet flock dns getpw proc
> exec"
> ++#ifdef HAVE_LIBSASL
> ++ " prot_exec"
> ++#endif
> ++ ;
> ++
> ++void
> ++drop_promise(char *promises, char *word)
> ++{
> ++ char *w, *p;
> ++
> ++ /* find first char after word */
> ++ if (!(w = strstr(promises, word)))
> ++ return;
> ++ p = w + strlen(word);
> ++ /* clobber word with trailing string */
> ++ memmove(w, p, strlen(p) + 1);
> ++}
> ++
> + static void ATTR_PRINTFLIKE(1, 2)
> + debug( const char *msg, ... )
> + {
> +@@ -410,6 +430,9 @@ main( int argc, char **argv )
> + char *config = 0, *opt, *ochar;
> + int oind, cops = 0, op, ops[2] = { 0, 0 }, pseudo = 0;
> +
> ++ if (pledge(main_promises, NULL) == -1)
> ++ sys_error("pledge\n");
> ++
> + tzset();
> + gethostname( Hostname, sizeof(Hostname) );
> + if ((ochar = strchr( Hostname, '.' )))
> +@@ -700,6 +723,13 @@ main( int argc, char **argv )
> + }
> + }
> +
> ++ if (mvars->list) {
> ++ drop_promise(main_promises, "wpath");
> ++ drop_promise(main_promises, "cpath");
> ++ if (pledge(main_promises, NULL) == -1)
> ++ sys_error("pledge\n");
> ++ }
> ++
> + if (!(DFlags & (QUIET | DEBUG_ALL)) && isatty( 1 ))
> + DFlags |= PROGRESS;
> +
> +@@ -716,6 +746,13 @@ main( int argc, char **argv )
> +
> + if (load_config( config, pseudo ))
> + return 1;
> ++
> ++ if (!needs_proc_exec) {
> ++ drop_promise(main_promises, "proc");
> ++ drop_promise(main_promises, "exec");
> ++ if (pledge(main_promises, NULL) == -1)
> ++ sys_error("pledge\n");
> ++ }
> +
> + if (!channels) {
> + fputs( "No channels defined. Try 'man " EXE "'\n", stderr );
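Review bot: drop_promise() locates the word with a bare `strstr()`, so it removes the first substring match, not a whole promise. `drop_promise(main_promises, "exec")` hits the standalone `exec` only because it precedes `prot_exec` in the initial string; reordering would turn `prot_exec` into `prot_` and make the next pledge(2) fail. Matching on space or end-of-string boundaries removes that ordering dependency, and `word` can become `const char *`. Separately, sys_error() is not shown here: if it reports and returns without exiting, a failed re-pledge leaves mbsync running with the earlier, broader promise set, so confirm that it terminates or add an explicit exit after it. main() continues outside these hunks.

```c
void
drop_promise(char *promises, const char *word)
{
	size_t len = strlen(word);
	char *w = promises;

	if (len == 0)
		return;
	/* only remove a whole space-delimited promise, never a substring */
	while ((w = strstr(w, word)) != NULL) {
		int at_start = (w == promises || w[-1] == ' ');
		int at_end = (w[len] == ' ' || w[len] == '\0');

		if (at_start && at_end) {
			/* clobber word with trailing string */
			memmove(w, w + len, strlen(w + len) + 1);
			return;
		}
		w++;
	}
}
```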
>
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE