Re: pledge(2) for the i3 window manager

2016-01-18 Thread David Coppa
On Sun, Jan 17, 2016 at 11:37 PM, Theo Buehler wrote: > With the help of semarie@ we managed to get an improved version of these > patches upstream: > > https://github.com/i3/i3/pull/2161 > > Many thanks also to bcook@ and landry@ for their handholding while I was > fighting a

Re: pledge(2) for the i3 window manager

2016-01-17 Thread Theo Buehler
With the help of semarie@ we managed to get an improved version of these patches upstream: https://github.com/i3/i3/pull/2161 Many thanks also to bcook@ and landry@ for their handholding while I was fighting a hopeless battle with git. The current version of the patches has the flaw that $

Re: pledge(2) for the i3 window manager

2015-12-22 Thread dan mclaughlin
On Tue, 22 Dec 2015 03:53:54 -0500 Jiri B wrote: > On Mon, Dec 21, 2015 at 03:34:43PM -0500, dan mclaughlin wrote: > > yes they are huge beasts, but they can still be forced into cages. half my > > posts seem to refer to back to this, but.. you can try: > > > > 'isolating

Re: pledge(2) for the i3 window manager

2015-12-22 Thread Jiri B
On Mon, Dec 21, 2015 at 03:34:43PM -0500, dan mclaughlin wrote: > yes they are huge beasts, but they can still be forced into cages. half my > posts seem to refer to back to this, but.. you can try: > > 'isolating untrusted programs in ssh chroot jails' >

Re: pledge(2) for the i3 window manager

2015-12-21 Thread dan mclaughlin
On Mon, 21 Dec 2015 09:51:07 -0500 Jiri B wrote: > Respect for your work but I'm asking myself - what is > the attack vector? > > IMO pdf viewers, browsers and similar apps would have > much bigger sense to pledge(). Unfortunatelly they are > huge beasts :/ > > j. > yes they

Re: pledge(2) for the i3 window manager

2015-12-21 Thread David Coppa
On Mon, Dec 21, 2015 at 12:21 AM, Ralf Horstmann wrote: > * Theo Buehler [2015-12-20 19:26]: >> On Sun, Dec 20, 2015 at 06:59:56PM +0100, Ralf Horstmann wrote: >> > gdb shows this: >> > #0 0x0ae4d48740ca in shmget () at :2 >> [...] >> > #8

Re: pledge(2) for the i3 window manager

2015-12-21 Thread Josh Grosse
On Mon, Dec 21, 2015 at 10:30:43AM +0100, David Coppa wrote: > So I'd say put this in as local patches. > If you don't hear any loud scream for the next two weeks or so, send > it upstream with a pull request on github. Just built from commit; no loud screams from me, not even a wimper. Working

Re: pledge(2) for the i3 window manager

2015-12-21 Thread Jiri B
Respect for your work but I'm asking myself - what is the attack vector? IMO pdf viewers, browsers and similar apps would have much bigger sense to pledge(). Unfortunatelly they are huge beasts :/ j.

Re: pledge(2) for the i3 window manager

2015-12-20 Thread Ralf Horstmann
* Theo Buehler [2015-12-20 19:26]: > On Sun, Dec 20, 2015 at 06:59:56PM +0100, Ralf Horstmann wrote: > > gdb shows this: > > #0 0x0ae4d48740ca in shmget () at :2 > [...] > > #8 0x0ae20f9077e4 in init_xcb_late (fontname=Variable "fontname" > > is not

pledge(2) for the i3 window manager

2015-12-20 Thread Theo Buehler
I understand that pledging a port adds complexity to its maintenance and I am not convinced the patch below should be committed to the ports tree. However, since there appears to be a considerable numer of users of i3 among OpenBSD users, there might be some interest in this patch, so I'd like to

Re: pledge(2) for the i3 window manager

2015-12-20 Thread Theo Buehler
On Sun, Dec 20, 2015 at 06:59:56PM +0100, Ralf Horstmann wrote: > gdb shows this: > #0 0x0ae4d48740ca in shmget () at :2 [...] > #8 0x0ae20f9077e4 in init_xcb_late (fontname=Variable "fontname" is > not available. Whoops, I missed that one. Thanks for the backtrace. This

Re: pledge(2) for the i3 window manager

2015-12-20 Thread David Coppa
On Sun, Dec 20, 2015 at 2:02 PM, Theo Buehler wrote: > I understand that pledging a port adds complexity to its maintenance > and I am not convinced the patch below should be committed to the ports > tree. > > However, since there appears to be a considerable numer of users of

Re: pledge(2) for the i3 window manager

2015-12-20 Thread Theo Buehler
On Sun, Dec 20, 2015 at 02:30:24PM +0100, David Coppa wrote: > On Sun, Dec 20, 2015 at 2:02 PM, Theo Buehler wrote: > > I understand that pledging a port adds complexity to its maintenance > > and I am not convinced the patch below should be committed to the ports > > tree. > >

Re: pledge(2) for the i3 window manager

2015-12-20 Thread Theo Buehler
On Sun, Dec 20, 2015 at 09:14:45AM -0500, Bryan Everly wrote: > Should we consider applying this diff to upstream to avoid the > maintenance issue? I think we should. As I wrote: > >> I'd need some positive test reports to be persuaded > >> to try to upstream this. I think we need some good

Re: pledge(2) for the i3 window manager

2015-12-20 Thread Bryan Everly
Should we consider applying this diff to upstream to avoid the maintenance issue? Thanks, Bryan > On Dec 20, 2015, at 8:31 AM, David Coppa wrote: > >> On Sun, Dec 20, 2015 at 2:02 PM, Theo Buehler wrote: >> I understand that pledging a port adds complexity

Re: pledge(2) for the i3 window manager

2015-12-20 Thread Ralf Horstmann
Hi, the diff prevents i3bar from starting here: i3bar(26685): syscall 289 "" gdb shows this: #0 0x0ae4d48740ca in shmget () at :2 #1 0x0ae502e15ae4 in can_use_shm () from /usr/local/lib/libcairo.so.12.3 #2 0x0ae502e15c3b in _cairo_xcb_connection_query_shm () from