Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]
On 2015-11-22, "trondd"wrote: > I haven't seen much discussion about applying pledge to ports, so I > thought I'd > find out how people feel about it. Reluctant. Very reluctant. You may remember that by and large we stopped adding strl* patches to ports, because they become a maintenance burden when not accepted upstream and there is a real risk of introducing bugs. I am very worried about people sprinkling pledge() over ports with the result that programs die with pledge violations when a user runs the program slightly differently than the maintainer. We have added pledge() to a few popular decompressors because these are a potential attack vector against the package building machines, and it took sthen@ and me three attempts to get right an ostensibly simple program like xz. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]
On Sun, November 22, 2015 7:43 pm, Theo de Raadt wrote: >> So I'm reading that as "Yes, but only if you know what you're doing." > > You can't just pick pledges; you also have to put them in the right > place. > > You have the wrong pledge arguments, because you are calling pledge > at the wrong place. > One mistake I made... Was that I wanted pledge as soon as possible, and forgot the init/main program structure that pledge is designed to work *with*. Then I didn't question the results. Well, that's a benefit of putting it out there. I can learn. And hopefully others do, too. Tim.
Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]
> One mistake I made... Was that I wanted pledge as soon as possible, and > forgot the init/main program structure that pledge is designed to work > *with*. Then I didn't question the results. Well, that's a benefit of > putting it out there. I can learn. And hopefully others do, too. "pledge as soon as possible" is a design mistake. The source tree is full of examples showing that this won't work; less than half of them pledge at the start.
Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]
> So I'm reading that as "Yes, but only if you know what you're doing." You can't just pick pledges; you also have to put them in the right place. You have the wrong pledge arguments, because you are calling pledge at the wrong place.
Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]
On Sun, November 22, 2015 4:23 pm, Theo de Raadt wrote: > That diff is completely wrong. > > The addition of "prot_exec" to a pledge should result in some > significant questions. > > You can't pledge a program if you don't understand what it is doing, > and why. > > Misapplication of pledge like this will result in a nightmare. > > >> > I haven't seen much discussion about applying pledge to ports, so I >> > thought I'd >> > find out how people feel about it. >> So I'm reading that as "Yes, but only if you know what you're doing." >> > I can see downsides to this such as, ports maintainers not necessarily >> being >> > involved in the development of the port and having a lower >> understanding >> > of the >> > code as compared to OBSD developers with base code I guess I fell into my own caveat. Also, thanks for the additional pointers off-list. Tim.
Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]
On Sun, Nov 22, 2015 at 12:38:22PM -0500, trondd wrote: > ...And I meant for this to go to ports. Sorry. > > Original Message > Subject: [PATCH] pledge x11/wmii (and other ports?) > From:tro...@kagu-tsuchi.com > Date:Sun, November 22, 2015 12:24 pm > To: m...@openbsd.org > -- > > I haven't seen much discussion about applying pledge to ports, so I > thought I'd > find out how people feel about it. I like it. > I chose to start with x11/wmii because > a) It's no longer officially developed so (other than updating the port to > the > last release) it's not going to change. > b) I might be the only one left who uses it. Yes. I'm pretty sure you are ;) However, I would consider github sunaku/wmii the "new" upstream, so maybe try to push the patches there as and gently ask for release. > I've been running it pledged since it was tame. > > I can see downsides to this such as, ports maintainers not necessarily being > involved in the development of the port and having a lower understanding > of the > code as compared to OBSD developers with base code, or not having the ability > to reorganize or change the code in a way that improves it for pledge. > > Tim. > > > Index: Makefile > === > RCS file: /cvs/ports/x11/wmii/Makefile,v > retrieving revision 1.21 > diff -u -p -r1.21 Makefile > --- Makefile12 Nov 2015 09:59:41 - 1.21 > +++ Makefile20 Nov 2015 22:33:36 - > @@ -3,7 +3,7 @@ > COMMENT= dynamic window manager > DISTNAME= wmii-3.6 > -REVISION= 6 > +REVISION= 7 > CATEGORIES=x11 > HOMEPAGE= http://wmii.suckless.org/ > cvs server: Diffing patches > Index: patches/patch-cmd_wmii_main_c > === > RCS file: patches/patch-cmd_wmii_main_c > diff -N patches/patch-cmd_wmii_main_c > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-cmd_wmii_main_c 20 Nov 2015 22:33:36 - @@ -0,0 > +1,13 @@ > +$OpenBSD$ > +--- cmd/wmii/main.c.orig Sun Oct 18 15:10:20 2015 > cmd/wmii/main.cSun Oct 18 15:10:33 2015 > +@@ -408,6 +408,9 @@ main(int argc, char *argv[]) { > + WinAttr wa; > + int i; > + > ++ if (pledge("stdio rpath cpath fattr unix proc exec prot_exec", > NULL) == -1) > ++ err(1, "pledge"); > ++ > + fmtinstall('r', errfmt); > + fmtinstall('C', Cfmt); > + > Index: patches/patch-cmd_wmiir_c > === > RCS file: patches/patch-cmd_wmiir_c > diff -N patches/patch-cmd_wmiir_c > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-cmd_wmiir_c 20 Nov 2015 22:33:36 - > @@ -0,0 +1,13 @@ > +$OpenBSD$ > +--- cmd/wmiir.c.orig Sun Oct 18 15:09:57 2015 > cmd/wmiir.cSun Oct 18 15:10:44 2015 > +@@ -312,6 +312,9 @@ main(int argc, char *argv[]) { > + exectab *tab; > + int ret; > + > ++ if (pledge("stdio unix", NULL) == -1) > ++ err(1, "pledge"); > ++ > + fmtinstall('r', errfmt); > + > + address = getenv("WMII_ADDRESS"); > >
[Fwd: [PATCH] pledge x11/wmii (and other ports?)]
...And I meant for this to go to ports. Sorry. Original Message Subject: [PATCH] pledge x11/wmii (and other ports?) From:tro...@kagu-tsuchi.com Date:Sun, November 22, 2015 12:24 pm To: m...@openbsd.org -- I haven't seen much discussion about applying pledge to ports, so I thought I'd find out how people feel about it. I chose to start with x11/wmii because a) It's no longer officially developed so (other than updating the port to the last release) it's not going to change. b) I might be the only one left who uses it. I've been running it pledged since it was tame. I can see downsides to this such as, ports maintainers not necessarily being involved in the development of the port and having a lower understanding of the code as compared to OBSD developers with base code, or not having the ability to reorganize or change the code in a way that improves it for pledge. Tim. Index: Makefile === RCS file: /cvs/ports/x11/wmii/Makefile,v retrieving revision 1.21 diff -u -p -r1.21 Makefile --- Makefile12 Nov 2015 09:59:41 - 1.21 +++ Makefile20 Nov 2015 22:33:36 - @@ -3,7 +3,7 @@ COMMENT= dynamic window manager DISTNAME= wmii-3.6 -REVISION= 6 +REVISION= 7 CATEGORIES=x11 HOMEPAGE= http://wmii.suckless.org/ cvs server: Diffing patches Index: patches/patch-cmd_wmii_main_c === RCS file: patches/patch-cmd_wmii_main_c diff -N patches/patch-cmd_wmii_main_c --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-cmd_wmii_main_c 20 Nov 2015 22:33:36 - @@ -0,0 +1,13 @@ +$OpenBSD$ +--- cmd/wmii/main.c.orig Sun Oct 18 15:10:20 2015 cmd/wmii/main.cSun Oct 18 15:10:33 2015 +@@ -408,6 +408,9 @@ main(int argc, char *argv[]) { + WinAttr wa; + int i; + ++ if (pledge("stdio rpath cpath fattr unix proc exec prot_exec", NULL) == -1) ++ err(1, "pledge"); ++ + fmtinstall('r', errfmt); + fmtinstall('C', Cfmt); + Index: patches/patch-cmd_wmiir_c === RCS file: patches/patch-cmd_wmiir_c diff -N patches/patch-cmd_wmiir_c --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-cmd_wmiir_c 20 Nov 2015 22:33:36 - @@ -0,0 +1,13 @@ +$OpenBSD$ +--- cmd/wmiir.c.orig Sun Oct 18 15:09:57 2015 cmd/wmiir.cSun Oct 18 15:10:44 2015 +@@ -312,6 +312,9 @@ main(int argc, char *argv[]) { + exectab *tab; + int ret; + ++ if (pledge("stdio unix", NULL) == -1) ++ err(1, "pledge"); ++ + fmtinstall('r', errfmt); + + address = getenv("WMII_ADDRESS");
Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]
That diff is completely wrong. The addition of "prot_exec" to a pledge should result in some significant questions. You can't pledge a program if you don't understand what it is doing, and why. Misapplication of pledge like this will result in a nightmare. > On Sun, Nov 22, 2015 at 12:38:22PM -0500, trondd wrote: > > ...And I meant for this to go to ports. Sorry. > > > > Original Message > > Subject: [PATCH] pledge x11/wmii (and other ports?) > > From:tro...@kagu-tsuchi.com > > Date:Sun, November 22, 2015 12:24 pm > > To: m...@openbsd.org > > -- > > > > I haven't seen much discussion about applying pledge to ports, so I > > thought I'd > > find out how people feel about it. > > I like it. > > > I chose to start with x11/wmii because > > a) It's no longer officially developed so (other than updating the port to > > the > > last release) it's not going to change. > > b) I might be the only one left who uses it. > > Yes. I'm pretty sure you are ;) > > However, I would consider github sunaku/wmii the "new" upstream, so > maybe try to push the patches there as and gently ask for release. > > > I've been running it pledged since it was tame. > > > > I can see downsides to this such as, ports maintainers not necessarily being > > involved in the development of the port and having a lower understanding > > of the > > code as compared to OBSD developers with base code, or not having the > > ability > > to reorganize or change the code in a way that improves it for pledge. > > > > Tim. > > > > > > Index: Makefile > > === > > RCS file: /cvs/ports/x11/wmii/Makefile,v > > retrieving revision 1.21 > > diff -u -p -r1.21 Makefile > > --- Makefile12 Nov 2015 09:59:41 - 1.21 > > +++ Makefile20 Nov 2015 22:33:36 - > > @@ -3,7 +3,7 @@ > > COMMENT= dynamic window manager > > DISTNAME= wmii-3.6 > > -REVISION= 6 > > +REVISION= 7 > > CATEGORIES=x11 > > HOMEPAGE= http://wmii.suckless.org/ > > cvs server: Diffing patches > > Index: patches/patch-cmd_wmii_main_c > > === > > RCS file: patches/patch-cmd_wmii_main_c > > diff -N patches/patch-cmd_wmii_main_c > > --- /dev/null 1 Jan 1970 00:00:00 - > > +++ patches/patch-cmd_wmii_main_c 20 Nov 2015 22:33:36 - @@ -0,0 > > +1,13 @@ > > +$OpenBSD$ > > +--- cmd/wmii/main.c.orig Sun Oct 18 15:10:20 2015 > > cmd/wmii/main.cSun Oct 18 15:10:33 2015 > > +@@ -408,6 +408,9 @@ main(int argc, char *argv[]) { > > + WinAttr wa; > > + int i; > > + > > ++ if (pledge("stdio rpath cpath fattr unix proc exec prot_exec", > > NULL) == -1) > > ++ err(1, "pledge"); > > ++ > > + fmtinstall('r', errfmt); > > + fmtinstall('C', Cfmt); > > + > > Index: patches/patch-cmd_wmiir_c > > === > > RCS file: patches/patch-cmd_wmiir_c > > diff -N patches/patch-cmd_wmiir_c > > --- /dev/null 1 Jan 1970 00:00:00 - > > +++ patches/patch-cmd_wmiir_c 20 Nov 2015 22:33:36 - > > @@ -0,0 +1,13 @@ > > +$OpenBSD$ > > +--- cmd/wmiir.c.orig Sun Oct 18 15:09:57 2015 > > cmd/wmiir.cSun Oct 18 15:10:44 2015 > > +@@ -312,6 +312,9 @@ main(int argc, char *argv[]) { > > + exectab *tab; > > + int ret; > > + > > ++ if (pledge("stdio unix", NULL) == -1) > > ++ err(1, "pledge"); > > ++ > > + fmtinstall('r', errfmt); > > + > > + address = getenv("WMII_ADDRESS"); > > > > >