Re: kern.allowkmem in examples?

2017-05-22 Thread Sebastien Marie
r/db/acpi. -- Sebastien Marie

Re: pledge(2): prof promise

2017-04-20 Thread Sebastien Marie
On Thu, Apr 20, 2017 at 12:08:02PM +0200, Sebastien Marie wrote: > > profil(2) syscall itself could be allowed in "stdio" with specifics > arguments: profil(NULL, 0, 0, 0) (but some code inspection should be > done before: extending "stdio" is not neutral - think t

Re: pledge(2): prof promise

2017-04-20 Thread Sebastien Marie
oxing). Only this particular call of profil(2) is run under pledge(2): the first call is done before calling main() so before any pledge(2) call set by user code. -- Sebastien Marie

Re: pledge(2): prof promise

2017-04-20 Thread Sebastien Marie
uires "stdio" promise too (sysctl(3) code, getuid(2), ...) Thanks. -- Sebastien Marie On Thu, Apr 20, 2017 at 08:18:59AM +0200, Anton Lindqvist wrote: > Hi, > Profiling a pledged program using gprof(1) is not possible since the > profil(2) syscall is not allowed. I have prev

./usr/include/g++/std removed from distrib/sets/lists/

2017-04-18 Thread Sebastien Marie
in base or ports. Below is a diff to put it back in case it is important. Thanks. -- Sebastien Marie Index: gcc.alpha === RCS file: /cvs/src/distrib/sets/lists/comp/gcc.alpha,v retrieving revision 1.2 diff -u -p -r1.2 gcc.alpha

Re: pledge vs. sockopt IP_HDRINCL

2017-03-11 Thread Sebastien Marie
net/mtr to avoid defining multiple sockets (one per protocol) and to control TOS and TTL fields in the IP header. As alternative code is present in net.c (in case IP_HDRINCL isn't defined), isn't it possible to use it instead of extending the "inet" promise ? Thanks. -- Sebastien Marie

Re: regress/pledge: test for sendfd/recvfd

2017-02-21 Thread Sebastien Marie
On Tue, Feb 21, 2017 at 08:31:43PM +0100, Sebastien Marie wrote: > Hi, > > The following diff adds regress tests for sendfd/recvfd promises. > same diff, but rebased in right directory, and including Makefile modification. sorry. -- Sebastien Marie Ind

regress/pledge: test for sendfd/recvfd

2017-02-21 Thread Sebastien Marie
= VREG VDIR VBLK VCHAR VLNK VSOCK VFIFO $ ./sendrecvfd sendfd VDIR Abort trap (core dumped) And the Makefile has a loop to test all cases. -- Sebastien Marie Index: Makefile === RCS file: Makefile diff -N Makefile --- /dev/null

regress/pledge: ioctl override a user settings

2017-02-19 Thread Sebastien Marie
Hi, The Makefile for regress/sys/kern/pledge/ioctl defines a user setting (SUDO), and makes it fail when doas(1) isn't configured. So just remove it, as it should be defined in /etc/mk.conf if needed. -- Sebastien Marie Index: Mak

regress/pledge: generic cleanup

2017-02-18 Thread Sebastien Marie
't very practical for rerunning only individual tests. Further test additions should occur as individual tests (as "regress/sys/kern/pledge/ioctl"). I will also try to rewrite tests in generic as individual tests. Thanks. -- Sebastien Marie Index: main.c ===

ssh-keygen: vfprintf %s NULL

2017-02-06 Thread Sebastien Marie
)' The comment in your key file has been changed. The following diff should correct it. As a side note, I found the output of ssh-keygen a bit confusing as the printed comment is the old one (but it could be due to English isn't my

Re: "savecore: /dev/sd1b: Device not configured" error on boot, for no valid reason

2017-02-04 Thread Sebastien Marie
luding the kernel image, onto the dump device. So physical RAM + some megas for kernel ? > On 2017-02-04 03:17, Philip Guenther wrote: > > On Fri, 3 Feb 2017, Sebastien Marie wrote: > > ... > > > My understanding is if savecore(8) is able to extract bsd.core > > >

Re: tcpdump(63969): syscall 54 "tty"

2017-01-24 Thread Sebastien Marie
n not permitted 939 tcpdump PSIG SIGABRT SIG_DFL 939 tcpdump NAMI "tcpdump.core" (here is an error I faked as I don't reproduce your problem). Thanks. -- Sebastien Marie

correction on faq about ftp-proxy (was Re: FTP behind PF)

2017-01-15 Thread Sebastien Marie
ations, you found two documentation bugs ! The man page one was already committed by deraadt@, for the faq the following patch should do the work. Thanks. -- Sebastien Marie Index: faq/pf/ftp.html === RCS file: /cvs/www/faq/pf/ftp.h

typo in ftp-proxy.8

2017-01-14 Thread Sebastien Marie
Hi, The user of ftp-proxy(8) for privdrop is _ftp_proxy. The man page has a typo in the username mentioned. src/usr.sbin/ftp-proxy/ftp-proxy.c #define CHROOT_DIR "/var/empty" #define NOPRIV_USER "_ftp_proxy" Thanks. -- Sebastien Marie

Re: openssl.pc version

2017-01-09 Thread Sebastien Marie
On Mon, Jan 09, 2017 at 06:12:37PM +, Stuart Henderson wrote: > On 2017/01/09 19:00, Sebastien Marie wrote: > > On Sun, Jan 08, 2017 at 12:29:50PM +0100, Sebastien Marie wrote: > > > Hi, > > > > > > The "OpenSSL bindings for Rust" checks,

Re: openssl.pc version

2017-01-09 Thread Sebastien Marie
On Sun, Jan 08, 2017 at 12:29:50PM +0100, Sebastien Marie wrote: > Hi, > > The "OpenSSL bindings for Rust" checks, using pkg-config, the version of > openssl installed, and target 1.0.1 as minimal version. > > Under OpenBSD, /usr/lib/pkgconfig/openssl.pc is gene

openssl.pc version

2017-01-08 Thread Sebastien Marie
"Version: 1.0.0" as on OpenBSD. Thanks. -- Sebastien Marie

Re: Recursive NET_LOCK()

2017-01-03 Thread Sebastien Marie
lem, whereas previously panic occurred soon after starting. I will keep it running. Thanks. -- Sebastien Marie

lpd: vfprintf %s NULL in "mail sent to user %s about job %s on printer %s (%s)"

2016-11-20 Thread Sebastien Marie
clyde lpd[9254]: lp: job could not be printed (cfA014clyde.local) -- Sebastien Marie Index: lpd/printjob.c === RCS file: /cvs/src/usr.sbin/lpr/lpd/printjob.c,v retrieving revision 1.57 diff -u -p -U5 -r1.57 printjob.c --- lpd/printjo

Re: CVS: cvs.openbsd.org: xenocara - pledge update for xterm

2016-10-24 Thread Sebastien Marie
"cpath" was for Tek emulation window. I also reviewed several functions for ensuring no others use of "cpath" after pledging. Ideally, additionnal review would be welcome: xterm(1) is a big program, and #ifdef maze is a bit compl

Re: traceroute(8): drop to _traceroute user

2016-09-27 Thread Sebastien Marie
root will still make the program run with effective uid as root, isn't it ? I think we always want to drop effective uid once SOCK_RAW socket has been opened. Thanks. -- Sebastien Marie > Index: usr.sbin/traceroute/traceroute.c > =

Re: makes struct kinfo_file to provide va_nlink

2016-09-25 Thread Sebastien Marie
On Sat, Sep 24, 2016 at 04:35:39PM -0700, Philip Guenther wrote: > On Sat, 24 Sep 2016, Sebastien Marie wrote: > ... > > The following diff adds a `va_nlink' member in `struct kinfo_file'. The > > information become available though sysctl(3) via KERN_FILE interface, &

makes struct kinfo_file to provide va_nlink

2016-09-24 Thread Sebastien Marie
sndiod(ok) # check that now, the running process use the new inode. $ fstat | grep 'sndio.*text' _sndio sndiod 79950 text /usr 2754467 -r-xr-xr-x r 80160 _sndiop sndiod 1725 text /usr 2754467 -r-xr-xr-x r80160 Does it make any interest ? Thanks. --

Re: CVS: cvs.openbsd.org: src

2016-08-10 Thread Sebastien Marie
moved files: > etc: csh.cshrc csh.login csh.logout > > Log message: > remove pointless csh placeholder files from /etc > > ok jung@ (some time ago) phessler@ > should /etc/changelist be cleared too ? I am unsure as it could also make sense to keep csh.{cshrc,login,

Re: pledge bpf + 32bit arch unbreak

2016-07-05 Thread Sebastien Marie
On Tue, Jul 05, 2016 at 08:12:05PM +0200, Martin Pelikan wrote: > > The uint64_t part still stands. > ok semarie@ -- Sebastien Marie

Re: xdm halt & reboot buttons

2016-07-01 Thread Sebastien Marie
"restricted" (with -U, -x ...) : else any running xmessage(1) program on the host will be killed (remote X11 xmessage on the host while another user log using xdm). -- Sebastien Marie

Re: dovutimens(): call vput() on error

2016-06-26 Thread Sebastien Marie
On Sun, Jun 26, 2016 at 12:37:57PM -0700, Philip Guenther wrote: > On Sun, Jun 26, 2016 at 9:09 AM, Sebastien Marie wrote: > > In the following code, namei() call is done in doutimensat(), and > > nd.ni_vp is passed to dovutimens() as vp. > > > > In the same way, i

sys_revoke: call vrele() on error

2016-06-26 Thread Sebastien Marie
Hi, When calling revoke(2) on a non-tty device, we return ENOTTY without releasing the vnode obtained with namei(). Use the error code path instead to call vrele(vp) before returning ENOTTY. OK ? -- Sebastien Marie Index: kern/vfs_syscalls.c

dovutimens(): call vput() on error

2016-06-26 Thread Sebastien Marie
Hi, In the following code, namei() call is done in doutimensat(), and nd.ni_vp is passed to dovutimens() as vp. In the same way, in dofutimens() the vp (from getvnode) is vref() before calling dovutimens(). So I think we should call vput() before returning any error. -- Sebastien Marie Index

domknodat: use error path when FIFO not setted

2016-06-25 Thread Sebastien Marie
&nd) call with: NDINITAT(&nd, CREATE, LOCKPARENT, UIO_USERSPACE, fd, path, p); Does it make sense ? -- Sebastien Marie Index: kern/vfs_syscalls.c === RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.256

Re: Allow device/fifo creation with zipped archives

2016-06-22 Thread Sebastien Marie
"stdio rpath wpath dpath fattr cpath getpw > ioctl", > NULL) == -1) > err(1, "pledge"); > } > I agree with your diff. While here, reorder pledge promises to make the order consistent in pa

Re: simpler audioctl

2016-06-19 Thread Sebastien Marie
for (f = fields; f->name != NULL; f++) { > + printf("%s=", f->name); > + print_val(f, f->raddr); > + printf("\n"); > } > - } else { > - while (argc--) { > - char *q; > - > - if ((q = strchr(*argv, '=')) != NULL) { > - *q++ = 0; > - p = findfield(*argv); > - if (p == 0) > - warnx("field `%s' does not exist", > *argv); > - else { > - if (!canwrite) > - errx(1, "%s: permission denied", > - *argv); > - if (p->flags & READONLY) > - warnx("`%s' is read only", > *argv); > - else { > - rdfield(p, q); > - if (p->valp == &fullduplex) > - if (ioctl(fd, > AUDIO_SETFD, > - &fullduplex) < 0) > - err(1, "set > failed"); > - } > - writeinfo = 1; > - } > - } else { > - p = findfield(*argv); > - if (p == 0) > - warnx("field %s does not exist", *argv); > - else { > - prfield(p, sep); > - } > - } > - argv++; > + } > + AUDIO_INITPAR(&wpar); > + for (; argc > 0; argc--, argv++) { > + lhs = *argv; > + rhs = strchr(*argv, '='); > + if (rhs) > + *rhs++ = '\0'; > + for (f = fields;; f++) { > + if (f->name == NULL) > + errx(1, "%s: unknown parameter", lhs); > + if (strcmp(f->name, lhs) == 0) > + break; > } > - if (writeinfo) { > - info.record.sample_rate = info.play.sample_rate; > - info.record.encoding = info.play.encoding; > - info.record.precision = info.play.precision; > - info.record.bps = info.play.bps; > - info.record.msb = info.play.msb; > - info.record.block_size = block_size * > - info.record.bps * info.record.channels; > - info.play.block_size = block_size * > - info.play.bps * info.play.channels; > - if (ioctl(fd, AUDIO_SETINFO, &info) < 0) > - err(1, "set failed"); > + if (rhs) { > + if (f->waddr == NULL) > + errx(1, "%s: is read only", f->name); > + parse_val(f, f->waddr, rhs); > + f->set = 1; > + set = 1; > + } else { > + if (print_names) > + printf("%s=", f->name); > + print_val(f, f->raddr); > + printf("\n"); > } > - getinfo(fd); > - for (i = 0; fields[i].name; i++) { > - if (fields[i].flags & SET) { > - prfield(&fields[i], sep); > - } > + } > + if (!set) > + return 0; > + 
if (ioctl(fd, AUDIO_SETPAR, &wpar) < 0) > + err(1, "AUDIO_SETPAR"); > + if (ioctl(fd, AUDIO_GETPAR, &wpar) < 0) > + err(1, "AUDIO_GETPAR"); > + for (f = fields; f->name != NULL; f++) { > + if (!f->set || quiet) > + continue; > + if (print_names) { > + printf("%s: ", f->name); > + print_val(f, f->raddr); > + printf(" -> "); > } > + print_val(f, f->waddr); > + printf("\n"); > } > - exit(0); > + return 0; > } > > -- Sebastien Marie

Re: opendev(3) tweak

2016-06-10 Thread Sebastien Marie
ledge"); > - > while ((ch = getopt(argc, argv, "iegpuvf:c:h:s:l:b:y")) != -1) { > const char *errstr; > > @@ -168,6 +164,10 @@ main(int argc, char *argv[]) > > disk.name = argv[0]; > DISK_open(i_flag || u_flag || e_flag); > + > + /* "proc exec" for man page display */ > + if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1) > + err(1, "pledge"); > > error = MBR_read(0, &dos_mbr); > if (error) > > -- Sebastien Marie
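
Review bot: with the pledge() call moved below DISK_open(), option parsing and the device open now run unpledged, and the only comment on the new call explains "proc exec". A sentence in that comment saying the call is deferred until the disk has been opened would record why it sits here and keep a later cleanup from moving it back above getopt().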

Re: video(1) munmap fix

2016-06-02 Thread Sebastien Marie
d->bpf); > + if (vid->mmap_buffer[i] != NULL) > + r = munmap(vid->mmap_buffer[i], vid->bpf); > if (r == -1) { > warn("munmap"); > return 0; > > -- Sebastien Marie
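
Review bot: the `if (r == -1)` test that follows the new NULL guard is still evaluated when munmap() was skipped, so for a NULL `vid->mmap_buffer[i]` it checks whatever `r` already held, and these lines do not show how `r` is initialized. Moving the error check inside the guard, or resetting `r` before it, would make the skipped case explicit.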

Re: fsck_msdofs and pledge disklabel

2016-05-28 Thread Sebastien Marie
{ > int ch; > > - if (pledge("stdio rpath wpath disklabel", NULL) == -1) > - err(1, "pledge"); > - > while ((ch = getopt(argc, argv, "pynf")) != -1) { > switch (ch) { > case 'f': > > -- Sebastien Marie

Re: opendev and pledge: "privsep" for dumpfs(8)

2016-05-13 Thread Sebastien Marie
d) will only do write(2). so in *all cases*, the process that processes untrusted data is pledged. not only if you pass one argument. -- Sebastien Marie

Re: xclock patch

2016-05-07 Thread Sebastien Marie
't need pledge. Is that right? > now, I am unsure I correctly understood your message :) access(2) requires "rpath" too. But some paths could be whitelisted (only "/etc/localtime" and "/var/run/ypbind.lock"). -- Sebastien Marie

Re: xclock patch

2016-05-07 Thread Sebastien Marie
and _XOpenFile will do access(2) and open(2) on filename, and kernel will kill it due to pledge. I am still unsure if adding "rpath" is the good way to deal with that. But the problem you saw could be related to some X11 error that triggers an access(2) or an open(2) for showing error message. -- Sebastien Marie

Re: xclock patch

2016-05-06 Thread Sebastien Marie
uld be an open(2) call in some X11R6 library. One possibility is error code path: in xterm, the commit message for justifying "rpath" is: for X11 error ("X Error of failed request: ...") which reads at least /usr/X11R6/share/X11/XErrorDB. Maybe we should identify correctly these open(2) calls in X11R6 libraries ? -- Sebastien Marie

Re: xclock patch

2016-05-03 Thread Sebastien Marie
int, the program required "rpath" promise but didn't pledge it (so it was killed). But it could be good for us to know *why* it needs it :) Could you provide a way to reproduce it ? It could be command-line used, actions that have been done, or any other clues... a backtrace could als

openssl: ocsp: needs to pledge "dns" promise

2016-04-26 Thread Sebastien Marie
: openssl(15019): syscall 97 "dns" backtrace at https://gist.github.com/kAworu/dc30ead97d3b44b5cabb67b134362820 After testing, the following diff corrects the problem. OK ? -- Sebastien Marie Index: ocsp.c === RCS file

pledge: serialize (v2 - reordering version)

2016-04-25 Thread Sebastien Marie
cated string on error - set `flags' and `wl' to struct proc. In order to avoid abuse by repeatedly calling pledge(NULL, BIGLIST) for DoSing the kernel (1. doing parsing / 2. get error / 3. goto 1), I keep a check at beginning of `paths' parsing, and commented it accordingly. Com

Re: pledge: remove unneeded check in sys_pledge()

2016-04-25 Thread Sebastien Marie
On Sun, Apr 10, 2016 at 01:54:33PM +0200, Sebastien Marie wrote: > Hi, > > The following diff removes an unneeded check on flags. It was used > historically, when tame(2) promises were passed as bitflags, in order to > avoid userland to be able to set flags normally ma

Re: pledge: simplify check for "allow only reductions"

2016-04-25 Thread Sebastien Marie
On Sun, Apr 10, 2016 at 03:09:44PM +0200, Sebastien Marie wrote: > Hi, > > The following diff simplifies the check for allowing only promises > reductions. ping ? > Please review it carefully: it implies several bitwise operations. > > I will try also to explain the diff

Re: synaptics: two-finger scrolling and coasting

2016-04-21 Thread Sebastien Marie
. I am OK with it, but as I am not really competent in this area you shouldn't take my OK as really authoritative :) Thanks. -- Sebastien Marie

Re: changelist: rm unbound/db/root.key

2016-04-20 Thread Sebastien Marie
On Wed, Apr 20, 2016 at 09:21:16AM +0100, Stuart Henderson wrote: > This file changes twice a day if you're validating dnssec and > it's pretty pointless to warn about in security(8). > > OK? yes please. OK semarie@ -- Sebastien Marie

changelist: adds iked pub/private key ?

2016-04-19 Thread Sebastien Marie
Hi, I noted that iked(8) default keys (generated at boot time by rc(8) if they don't exist yet) aren't present in changelist(5), whereas the same keys for isakmpd(8) are. Does adding /etc/iked/local.pub and /etc/iked/private/local.key to changelist(5) make sense ? -- Sebastien Mar

patch: acpitz: active cooling and notify 0x81

2016-04-19 Thread Sebastien Marie
n OFF if the state is unknown. Thanks for testing it. -- Sebastien Marie Index: sys/dev/acpi/acpitz.c === RCS file: /cvs/src/sys/dev/acpi/acpitz.c,v retrieving revision 1.49 diff -u -p -r1.49 acpitz.c --- sys/dev/acpi/acpitz.c

pledge: document "mcast" promise

2016-04-12 Thread Sebastien Marie
multicast group - IPV6_LEAVE_GROUP : Leave a multicast group - IP_MULTICAST_IF : same but for ipv4 - IP_ADD_MEMBERSHIP - IP_DROP_MEMBERSHIP Comments ? -- Sebastien Marie Index: lib/libc/sys/pledge.2 === RCS file: /cvs/src/lib/

Re: add "route" promise to pledge.2

2016-04-11 Thread Sebastien Marie
tls and sysctls interfaces for routing will confirm the exactness of the description (or provide a more precise description). I added in Cc people using "route" promise (in dhclient, iked, bgpd, dhcpcd, route6d, rtadvd), which should be competent for th

Re: pledge.2: sync list of syscalls with kern_pledge.c

2016-04-10 Thread Sebastien Marie
> -.Xr chflags 2 , > -.Xr chflagsat 2 , > .Xr chown 2 , > +.Xr fchown 2 , > .Xr fchownat 2 , > .Xr lchown 2 , > -.Xr fchown 2 , > .Xr utimes 2 . > .It Va "flock" > File locking via > @@ -353,7 +369,9 @@ a few system calls become able to allow > .Xr s

pledge: simplify check for "allow only reductions"

2016-04-10 Thread Sebastien Marie
`ps_pledge' doesn't have. (The diff was generated in a way it doesn't depend on previous one) Comments ? -- Sebastien Marie Index: kern/kern_pledge.c === RCS file: /cvs/src/sys/kern/kern_pledge.c,v retrieving revisi

pledge: remove unneeded check in sys_pledge()

2016-04-10 Thread Sebastien Marie
string in controlled way. So userland can't set high bits in flags. Comments ? OK ? -- Sebastien Marie Index: kern/kern_pledge.c === RCS file: /cvs/src/sys/kern/kern_pledge.c,v retrieving revision 1.162 diff -u -p -r

Re: patch: serialize multiple threads calling pledge(2)

2016-04-09 Thread Sebastien Marie
e of tsleep(9), it was a way proposed to me for resolving the "atomic" view of pledge(2) from userland, with getblk() as example. But as I am far from understanding all internals in the kernel, I have no problem to look at another way to resolve this. Thanks. -- Sebastien Marie

patch: serialize multiple threads calling pledge(2)

2016-04-09 Thread Sebastien Marie
continue is done using a new flag PLEDGE_BUSY, which marks that a thread of the current process is currently inside sys_pledge(). This diff was done with the help of deraadt@ and guenther@. Comments or OK ? -- Sebastien Marie Index: sys/kern/kern_pledge.c

Re: [patch] ftpd: ptr == NULL

2016-04-06 Thread Sebastien Marie
On Wed, Apr 06, 2016 at 06:50:04AM +0200, Sebastien Marie wrote: > On Tue, Apr 05, 2016 at 08:22:22PM +0200, frit...@alokat.org wrote: > > Hi, > > > > cmd is a ptr. > > > > --f. > > I am OK with it (after a small change to fit 80 cols) > Committed. Thanks ! -- Sebastien Marie

Re: [patch] ftpd: ptr == NULL

2016-04-05 Thread Sebastien Marie
nt == 0 && cmd == NULL && S_ISREG(st.st_mode))); > + if ((cmd == NULL) && stats) > logxfer(name, byte_count, start); > (void) fclose(dout); > data = -1; > @@ -1214,7 +1214,7 @@ > if (pdata >= 0) > (void) close(pdata); > pdata = -1; > - if (cmd == 0) { > + if (cmd == NULL) { > LOGBYTES("get", name, byte_count); > fclose(fin); > } else { > > -- Sebastien Marie

Re: [patch] ftpd: pledge(2)

2016-04-03 Thread Sebastien Marie
On Sun, Apr 03, 2016 at 06:28:21PM +0200, Sebastien Marie wrote: > > + > > + if (pledge("stdio rpath getpw proc wpath cpath > > inet ioctl sendfd recvfd", > > + NULL) == -1) { > > +

Re: [patch] ftpd: pledge(2)

2016-04-03 Thread Sebastien Marie
if (pledge("stdio proc dns inet sendfd", > + NULL) == -1) { > + fatalx("pledge"); > + } > > send_data(fd_slave, &slavequit, > sizeof(slavequit)); > > -- Sebastien Marie

Re: [patch] ftpd: pledge(2)

2016-04-02 Thread Sebastien Marie
> if ((pw = getpwnam(FTPD_PRIVSEP_USER)) == NULL) > @@ -193,6 +197,10 @@ > > endpwent(); > close(fd_slave); > + > + if (pledge("stdio", NULL) == -1) > + err(1, "pledge"); > + I like this one :) > return (1); > } > Thanks ! -- Sebastien Marie

Re: realpath additions

2016-03-21 Thread Sebastien Marie
OMEM on failure. > return (NULL); > + } > mem_allocated = 1; > } else > mem_allocated = 0; > > > -- Sebastien Marie

pledge: wl_paths evaluation order error + memory leak

2016-03-15 Thread Sebastien Marie
Hi, The following diff corrects an evaluation order error and a memory leak in error code path. Comments or OK ? -- Sebastien Marie Index: sys/kern/kern_pledge.c === --- sys/kern/kern_pledge.c.orig 2016-03-15 08:54:33.500610285

pledge: resolvpath() with relative path inside chroot

2016-03-13 Thread Sebastien Marie
ould be invalid whitelisting (bypassing), but the operations after would *not* be altered and the program would not gain any privileges (only information leaks as ENOENT wouldn't be returned as it should). Comments ? OK ? -- Sebastien Marie Index

Re: httpd patterns double free

2016-02-14 Thread Sebastien Marie
t str_match *m) > for (i = 0; i < m->sm_nmatch; i++) > free(m->sm_match[i]); > free(m->sm_match); > + m->sm_match = NULL; > m->sm_nmatch = 0; > } Committed, thanks ! -- Sebastien Marie

Re: httpd patterns double free

2016-02-14 Thread Sebastien Marie
> > > However, your patch looks good to me. > > > > natano > > I am sorry, you are right, it was not server_close_http being called twice. > Instead, it was server_reset_http being called twice. > The patch makes sense to me also. I am OK with it. An

Re: "Abort trap" when pledge()d and compiled with -pg

2016-02-13 Thread Sebastien Marie
' call in each of them). Additionally, ignoring the $PROFDIR stuff would be more complex: userland has no way to know whether the running program is pledged or not. -- Sebastien Marie

traceroute: pledge "dns" problem

2016-02-11 Thread Sebastien Marie
p the AS number for each hop address) uses the DNS service to resolve the AS number. Ok or comments ? -- Sebastien Marie Index: traceroute.c === RCS file: /cvs/src/usr.sbin/traceroute/traceroute.c,v retrieving revision 1.144 dif

Re: unused variable in init(8)

2016-02-01 Thread Sebastien Marie
d *pp; > static const char banner[] = > "Enter root password, or ^D to go multi-user\n"; > - char *clear, *password; > + char *clear; > #endif > > /* Init shell and name */ > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE > > -- Sebastien Marie

Re: ldapd: add -r option to specify datadir path

2016-02-01 Thread Sebastien Marie
|= BT_NOSYNC; > > - if (asprintf(&ns->data_path, "%s/%s_data.db", DATADIR, ns->suffix) < 0) > + if (asprintf(&ns->data_path, "%s/%s_data.db", datadir, ns->suffix) < 0) > return -1; > log_info("opening namespace %s", ns->suffix); > ns->data_db = btree_open(ns->data_path, db_flags | BT_REVERSEKEY, 0644); > @@ -124,7 +125,7 @@ > > btree_set_cache_size(ns->data_db, ns->cache_size); > > - if (asprintf(&ns->indx_path, "%s/%s_indx.db", DATADIR, ns->suffix) < 0) > + if (asprintf(&ns->indx_path, "%s/%s_indx.db", datadir, ns->suffix) < 0) > return -1; > ns->indx_db = btree_open(ns->indx_path, db_flags, 0644); > if (ns->indx_db == NULL) > > -- Sebastien Marie

Re: pledge: audio ioctls on disconnected devices

2016-01-18 Thread Sebastien Marie
On Mon, Jan 18, 2016 at 06:05:31PM +0100, Alexandre Ratchov wrote: > On Mon, Jan 18, 2016 at 01:35:46PM +0100, Sebastien Marie wrote: > > On Mon, Jan 18, 2016 at 12:55:30PM +0100, Alexandre Ratchov wrote: > > > > I am unsure about returning 0 for something we know is wrong

Re: pledge: audio ioctls on disconnected devices

2016-01-18 Thread Sebastien Marie
_VNODE) > + break; > + if (vp->v_type == VCHR && > cdevsw[major(vp->v_rdev)].d_open == audioopen) > + return (0); > + if (vp->v_type == VBAD) > return (0); > } > #endif /* NAUDIO > 0 */ > > -- Sebastien Marie
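
Review bot: the added `if (vp->v_type == VBAD) return (0);` accepts the ioctl for any VBAD vnode, without the `d_open == audioopen` test that the VCHR case just above it applies, so at that point pledge no longer verifies the descriptor belonged to an audio device. A comment stating why a VBAD vnode is let through here, and what the ioctl is then expected to return, would make the exception reviewable.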

Re: uudecode(1): add missing "getpw" pledge

2016-01-02 Thread Sebastien Marie
ath cpath getpw", NULL) == -1) > + err(1, "pledge"); > + } else if (pflag == 0) { > if (pledge("stdio rpath wpath cpath", NULL) == -1) > err(1, "pledge"); > } else { > > -- Sebastien Marie

Re: fuser(1): Fix pledge when `u' flag is used

2016-01-02 Thread Sebastien Marie
ust switched to snprintf(3); not sure what's normally done > in such situations. > When possible, we try to keep the `if conditions' and don't construct pledge promises strings by hand. Else it would make pledge promises not grep-able. Could you confirm this diff resolve

pledge: document "dpath" promise

2015-12-16 Thread Sebastien Marie
re ignored. It is already documented in "Some system calls have restrictions applied to them" list. I dunno if "special files" is the right expression for saying "FIFO file" and "special file node" (if I take words from man pages of mkfifo(2) and mknod(2)).

Re: ksh(1): utf8 in emacs editing mode

2015-12-07 Thread Sebastien Marie
echo abcc ^ cursor here in the same manner, it is just a "visual effect", as the line is really "éecho abc" (tested with cut/paste: Ctrl+U Ctrl+Y) Thanks -- Sebastien Marie

pledge: ssh (the client)

2015-11-30 Thread Sebastien Marie
make DEBUG=-g $ cd /usr/src/usr.bin/ssh/ssh/obj && ./ssh -v ... $ cd /usr/src/usr.bin/ssh/ssh/obj && gdb ./ssh ssh.core (gdb) bt ... - any other useful information :) Thanks for testing. Comments ? -- Sebastien Marie Index: clientloop.c =

Re: calendar: add getpw promise

2015-11-21 Thread Sebastien Marie
ent() call is below if (doall), so I think this is not needed. > > > err(1, "pledge"); > > } > > yes, you are right. matthieu@ said the same... my bad. -- Sebastien Marie Index: calendar.c ==

calendar: add getpw promise

2015-11-21 Thread Sebastien Marie
Hi, Here is a patch that should correct a pledge kill in calendar. calendar(1) uses getpwent, so it needs "getpw" for running in YP environment. OK ? -- Sebastien Marie Index: calendar.c === RCS file: /cvs/src/usr.bi

Re: tidy up pledge_ioctl

2015-11-03 Thread Sebastien Marie
sockopt(struct proc *p, int set, int level, int optname); > int pledge_socket(struct proc *p, int dns); > -int pledge_ioctl(struct proc *p, long com, void *); > +int pledge_ioctl(struct proc *p, long com, struct file *); > int pledge_flock(struct proc *p); > int pledge_fcntl(struct proc *p, int cmd); > int pledge_swapctl(struct proc *p); > > -- Sebastien Marie

Re: ntpd doesn't work with -sv - syscall 5

2015-10-29 Thread Sebastien Marie
ete report for pledge(2) issue, please refer to previous mails in tech: http://marc.info/?l=openbsd-tech&m=144412493925465&w=2 (note: pledge(2) was tame(2) before). Thanks. -- Sebastien Marie

Re: inteldrm(4) diff that needs testing

2015-10-25 Thread Sebastien Marie
looks close to the one I got when I made that > very mistake, so verify you ran config...) Hey, you are right ! running config before rebuilding helps a lot: I see no more problem. -- Sebastien Marie

Re: inteldrm(4) diff that needs testing

2015-10-25 Thread Sebastien Marie
me, I transcribe a small part of it, but I could provide all the backtrace on demand: wsdisplay at inteldrm0 not configured panic: vga_common_setup: can't map vga i/o Stopped at Debuffer+0x7: leave The panic() call is in vga_init() at dev/ic/vga.c:482. The dmesg of the machine with

Re: pledge(2) hangman(6)

2015-10-21 Thread Sebastien Marie
t argc, char *argv[]) > } > signal(SIGINT, die); > setup(); > + > + if (pledge("stdio tty", NULL) == -1) > + err(1, "pledge"); > + > for (;;) { > Wordnum++; >

Re: pledge(2) hangman(6)

2015-10-21 Thread Sebastien Marie
, NULL) == -1) > + err(1, "pledge"); > + so you still need "tty" here. Regards. -- Sebastien Marie

Re: pledge(2) in script(1)

2015-10-20 Thread Sebastien Marie
start script, and create a new-window (Ctrl+B "): tmux will send SIGWINCH signal to the script process for telling it "beware, your window size has changed". And the script process will (try to) send forward this signal to subprocess. Here a di

HOWTO debug/report tame(2) problem / Re: bgpd dying repeatedly on latest snapshot

2015-10-06 Thread Sebastien Marie
move in tame area for now. It will add "abort" request to tame() in bgpd. Next, allow bgpd to make coredump: # mkdir -m 700 /var/crash/bgpd # sysctl kern.nosuidcoredump=3 Run the program, and finally report your dmesg and gdb-backtrace. I hope it helps. -- Sebastien Marie Index: u

Re: tame userland diff

2015-10-05 Thread Sebastien Marie
Hi Remco, On Mon, Oct 05, 2015 at 07:47:26PM +0200, Remco wrote: > Sebastien Marie wrote: > > > Just a remark about "proc" request. It won't allow calling exec(2), but > > only fork(2) (and some others, see the man page for details). > > > >

Re: tame userland diff

2015-10-03 Thread Sebastien Marie
with TAME flags cleared: it could do what he wants. so even if your process is tamed, it could potentially permit all things. it is bad. - if an exec'ed program starts with inherited TAME flags: the initialisation of the program would be difficult as it would be already tamed. -- Sebastien Marie

Re: tame(2) nologin(8)

2015-10-03 Thread Sebastien Marie
> } > > while ((nrd = read(nfd, nbuf, sizeof(nbuf))) != -1 && nrd != 0) > write(STDOUT_FILENO, nbuf, nrd); > close (nfd); > > - exit (1); > + return 1; > } > -- Sebastien Marie

Re: [patch] tame.2 documentation about systrace.4

2015-09-23 Thread Sebastien Marie
s another way is possible ? Else, I am not completely sure about saying "systrace is disabled". It isn't systrace(4) per se, but just the possibility to use systrace for this specific program once the tame(2) was called. -- Sebastien Marie Index: lib/libc/sys/tame.2 =

[patch] tame.2 documentation about systrace.4

2015-09-20 Thread Sebastien Marie
Hi, Mentions that using systrace(4) isn't possible when a program has called tame(2). Comments ? OK ? -- Sebastien Marie Index: lib/libc/sys/tame.2 === RCS file: /cvs/src/lib/libc/sys/tame.2,v retrieving revision 1.27 diff

Re: [patch] ld linker problem with -shared and -z defs

2015-09-19 Thread Sebastien Marie
On Sat, Sep 19, 2015 at 10:48:01AM -0700, Philip Guenther wrote: > On Sat, Sep 19, 2015 at 10:29 AM, Sebastien Marie wrote: > > On Sat, Sep 19, 2015 at 10:07:04AM -0700, Philip Guenther wrote: > >> On Sat, Sep 19, 2015 at 9:50 AM, Sebastien Marie > >> wrote: >

Re: [patch] ld linker problem with -shared and -z defs

2015-09-19 Thread Sebastien Marie
On Sat, Sep 19, 2015 at 10:07:04AM -0700, Philip Guenther wrote: > On Sat, Sep 19, 2015 at 9:50 AM, Sebastien Marie wrote: > > While working on building llvm 3.7.0 on openbsd (-current amd64 and > > i386), I encounter a problem when linking a shared library, while > > -Wl,

[patch] ld linker problem with -shared and -z defs

2015-09-19 Thread Sebastien Marie
before for unresolved symbols in objects. If the patch corrects my problem, I don't know enough about ld(1) to be sure it doesn't break something else. Comments ? OK ? -- Sebastien Marie Index: elf-bfd.h === RCS file: /cvs/src

libsa: explicit_bzero

2015-09-18 Thread Sebastien Marie
copy libkern code for explicit_bzero into libsa. Comments ? OK ? -- Sebastien Marie Index: explicit_bzero.c === RCS file: /cvs/src/sys/lib/libsa/explicit_bzero.c,v retrieving revision 1.1 diff -u -p -r1.1 explicit_bzero.c

[patch] tame regress for "dns" / "cmsg"

2015-09-18 Thread Sebastien Marie
_TM_SELF | _TM_MALLOC | _TM_DNSPATH TAME_CMSG = _TM_SELF | _TM_RW | _TM_UNIX | TAME_CMSG The following patch restores the behaviour, and makes the regress work again too. Comments ? OK ? -- Sebastien Marie Index: kern_tame.c === RCS file:

Re: Call for testers of restricted rmt(8)

2015-09-17 Thread Sebastien Marie
On Tue, Sep 15, 2015 at 10:06:22PM +0200, Alexander Hall wrote: > On 09/12/15 09:13, Sebastien Marie wrote: > > First, some general remarks: > > > > - The debug feature (not documented) defeats the `-r' flag purpose. > > How do you mean it defeats it? The purpose

Re: Remove NULL checks before free()

2015-09-14 Thread Sebastien Marie
free(res); > syslog(LOG_ERR, "%s: unexpected error with capability %s", > lc->lc_class, cap); > errno = ERANGE; > @@ -359,12 +354,10 @@ login_getcapnum(login_cap_t *lc, char *c > > switch (stat = cgetstr(lc->lc_cap, cap, &res)) { > case -1: > - if (res) > - free(res); > + free(res); > return (def); > case -2: > - if (res) > - free(res); > + free(res); > syslog(LOG_ERR, "%s: getting capability %s: %m", > lc->lc_class, cap); > errno = ERANGE; > @@ -372,8 +365,7 @@ login_getcapnum(login_cap_t *lc, char *c > default: > if (stat >= 0) > break; > - if (res) > - free(res); > + free(res); > syslog(LOG_ERR, "%s: unexpected error with capability %s", > lc->lc_class, cap); > errno = ERANGE; > @@ -417,12 +409,10 @@ login_getcapsize(login_cap_t *lc, char * > > switch (stat = cgetstr(lc->lc_cap, cap, &res)) { > case -1: > - if (res) > - free(res); > + free(res); > return (def); > case -2: > - if (res) > - free(res); > + free(res); > syslog(LOG_ERR, "%s: getting capability %s: %m", > lc->lc_class, cap); > errno = ERANGE; > @@ -430,8 +420,7 @@ login_getcapsize(login_cap_t *lc, char * > default: > if (stat >= 0) > break; > - if (res) > - free(res); > + free(res); > syslog(LOG_ERR, "%s: unexpected error with capability %s", > lc->lc_class, cap); > errno = ERANGE; > @@ -467,12 +456,9 @@ void > login_close(login_cap_t *lc) > { > if (lc) { > - if (lc->lc_class) > - free(lc->lc_class); > - if (lc->lc_cap) > - free(lc->lc_cap); > - if (lc->lc_style) > - free(lc->lc_style); > + free(lc->lc_class); > + free(lc->lc_cap); > + free(lc->lc_style); > free(lc); > } > } > -- Sebastien Marie

[patch] if-free cleanup in sys/arch

2015-09-14 Thread Sebastien Marie
Hi, Here is a first set of "if(x) free(x)" cleanup in sys/arch/ This patch contains only trivial if(x) removal. The size argument in free is kept untouched (because it is already set, or because it makes sense to keep it to 0). Comments ? OK ? -- Sebastien Marie Index: b/sys/arch/a
