Re: pledge xenodm
On Sat, November 3, 2018 7:16 am, Ricardo Mestre wrote:
> prodded by deraadt@, here's a rebased diff on xenocara's source root directory,
> usually /usr/xenocara.

I'm using DisplayManager*autoLogin in xenodm-config and starting xenodm as desired (not at boot) and it logs me in the first time, but after ending the X session, when xenodm tries to reset it gets a:

xenodm[63122]: pledge "getpw", syscall 33

Turns out, though, this is kind of a bogus use case. I'm trying to exit X. Having it log me right back in again is silly. I like that it kills xenodm. That's actually what I want. :D

Tim.
Re: pledge xenodm
this is actually good, I made it as minimal as possible so that it wouldn't break for me, if it breaks for you we can start from there. On 13:41 Sat 03 Nov , Matthieu Herrb wrote: > On Fri, Nov 02, 2018 at 07:03:11PM +, Ricardo Mestre wrote: > > Hi, > > > > Looking at pledging xenodm a little bit more I was able to run it with > > the diff below across X restarts, with stock configuration. > > > > Please test it, if you have special configs better since most likely > > this will break it but we need to know where and why and with that maybe > > trim xenodm's bloat. > > Hi, > > xenodm crashes if one logs out from the first session that was > created. the pldege() call in StartDisplay is too strict. > > I've not had time to fully figure out if this can be fixed. Iirc I > tried when I did the initial work on adding pledge to xenodm and it's > not possible because of the code that creates the auth cookie and > chown()s it to _x11. > > I didn't have time yet to do a more serious testing of the session > pledge. > > > > > DisplayManager: > > rpath: open(2) /etc/X11/xenodm/xenodm-config > > cpath: unlink(2) d->authFile > > proc: kill(2) > > > > Session: > > rpath: open(2) /etc/fbtab > > wpath/cpath: open(2) d->authFile > > fattr: chmod(2) d->authFile > > dns: sysctl(2) for name resolution > > proc: kill(2) > > exec: execve(2) /etc/X11/xenodm/TakeConsole > > id: setuid(2) > > > > Index: dm.c > > === > > RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v > > retrieving revision 1.6 > > diff -u -p -u -r1.6 dm.c > > --- dm.c11 Jul 2018 16:57:04 - 1.6 > > +++ dm.c31 Oct 2018 15:15:49 - 
> > @@ -604,6 +604,10 @@ StartDisplay (struct display *d) > > Debug ("pid: %d\n", pid); > > d->pid = pid; > > d->status = running; > > + > > + if (pledge("stdio rpath cpath proc", NULL) == -1) > > + exit(OPENFAILED_DISPLAY); > > + > > break; > > } > > } > > Index: session.c > > === > > RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v > > retrieving revision 1.12 > > diff -u -p -u -r1.12 session.c > > --- session.c 11 Jul 2018 20:28:41 - 1.12 > > +++ session.c 31 Oct 2018 15:15:49 - > > @@ -378,6 +378,10 @@ StartClient ( > > default: > > Debug ("StartSession, fork succeeded %d\n", pid); > > *pidp = pid; > > + > > + if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == > > -1) > > + exit(25); > > + > > return 1; > > } > > } > > > > - End forwarded message - > > -- > Matthieu Herrb >
Re: pledge xenodm
On Fri, Nov 02, 2018 at 07:03:11PM +, Ricardo Mestre wrote: > Hi, > > Looking at pledging xenodm a little bit more I was able to run it with > the diff below across X restarts, with stock configuration. > > Please test it, if you have special configs better since most likely > this will break it but we need to know where and why and with that maybe > trim xenodm's bloat. Hi, xenodm crashes if one logs out from the first session that was created. the pldege() call in StartDisplay is too strict. I've not had time to fully figure out if this can be fixed. Iirc I tried when I did the initial work on adding pledge to xenodm and it's not possible because of the code that creates the auth cookie and chown()s it to _x11. I didn't have time yet to do a more serious testing of the session pledge. > > DisplayManager: > rpath: open(2) /etc/X11/xenodm/xenodm-config > cpath: unlink(2) d->authFile > proc: kill(2) > > Session: > rpath: open(2) /etc/fbtab > wpath/cpath: open(2) d->authFile > fattr: chmod(2) d->authFile > dns: sysctl(2) for name resolution > proc: kill(2) > exec: execve(2) /etc/X11/xenodm/TakeConsole > id: setuid(2) > > Index: dm.c > === > RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v > retrieving revision 1.6 > diff -u -p -u -r1.6 dm.c > --- dm.c 11 Jul 2018 16:57:04 - 1.6 > +++ dm.c 31 Oct 2018 15:15:49 - > @@ -604,6 +604,10 @@ StartDisplay (struct display *d) > Debug ("pid: %d\n", pid); > d->pid = pid; > d->status = running; > + > + if (pledge("stdio rpath cpath proc", NULL) == -1) > + exit(OPENFAILED_DISPLAY); > + > break; > } > } > Index: session.c > === > RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v > retrieving revision 1.12 > diff -u -p -u -r1.12 session.c > --- session.c 11 Jul 2018 20:28:41 - 1.12 > +++ session.c 31 Oct 2018 15:15:49 - 
> @@ -378,6 +378,10 @@ StartClient ( > default: > Debug ("StartSession, fork succeeded %d\n", pid); > *pidp = pid; > + > + if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == > -1) > + exit(25); > + > return 1; > } > } > > - End forwarded message - -- Matthieu Herrb
Re: pledge xenodm
prodded by deraadt@, here's a rebased diff on xenocara's source root directory, usually /usr/xenocara. Index: app/xenodm/xenodm/dm.c === RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v retrieving revision 1.6 diff -u -p -u -r1.6 dm.c --- app/xenodm/xenodm/dm.c 11 Jul 2018 16:57:04 - 1.6 +++ app/xenodm/xenodm/dm.c 3 Nov 2018 11:10:06 - @@ -604,6 +604,10 @@ StartDisplay (struct display *d) Debug ("pid: %d\n", pid); d->pid = pid; d->status = running; + + if (pledge("stdio rpath cpath proc", NULL) == -1) + exit(OPENFAILED_DISPLAY); + break; } } Index: app/xenodm/xenodm/session.c === RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v retrieving revision 1.12 diff -u -p -u -r1.12 session.c --- app/xenodm/xenodm/session.c 11 Jul 2018 20:28:41 - 1.12 +++ app/xenodm/xenodm/session.c 3 Nov 2018 11:10:06 - @@ -378,6 +378,10 @@ StartClient ( default: Debug ("StartSession, fork succeeded %d\n", pid); *pidp = pid; + + if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == -1) + exit(25); + return 1; } }
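Review bot: the rebase leaves the dm.c promise set "stdio rpath cpath proc" unchanged, so it does not address the crash Matthieu reported when logging out of the first session (the reset path re-creating the auth cookie and chown()ing it to _x11) nor the pledge "getpw", syscall 33 violation Tim sees on reset with DisplayManager*autoLogin. The pledge sits in the parent branch after the fork (the branch that sets d->pid and d->status = running), so it also binds every later StartDisplay call of the main process; before this goes in, the reset path needs either the missing promises (getpw for the user lookup, chown for the chown()) or a pledge point that is not re-entered on restart, and the commit message should state which configurations were tested.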
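Review bot: in the session.c hunk, pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) passes NULL as execpromises, so the program this process later execve(2)s (/etc/X11/xenodm/TakeConsole, per the rationale in the original mail) runs with no pledge at all, and "exec" together with "id" and "proc" lets the pledged process setuid and exec freely; if that is the intent, say so in a comment above the call, otherwise consider supplying execpromises for the TakeConsole exec. The exit(25) on failure should also use a named status like the OPENFAILED_DISPLAY used in the dm.c hunk.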
pledge xenodm
Hi, Looking at pledging xenodm a little bit more I was able to run it with the diff below across X restarts, with stock configuration. Please test it, if you have special configs better since most likely this will break it but we need to know where and why and with that maybe trim xenodm's bloat. DisplayManager: rpath: open(2) /etc/X11/xenodm/xenodm-config cpath: unlink(2) d->authFile proc: kill(2) Session: rpath: open(2) /etc/fbtab wpath/cpath: open(2) d->authFile fattr: chmod(2) d->authFile dns: sysctl(2) for name resolution proc: kill(2) exec: execve(2) /etc/X11/xenodm/TakeConsole id: setuid(2) Index: dm.c === RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v retrieving revision 1.6 diff -u -p -u -r1.6 dm.c --- dm.c11 Jul 2018 16:57:04 - 1.6 +++ dm.c31 Oct 2018 15:15:49 - @@ -604,6 +604,10 @@ StartDisplay (struct display *d) Debug ("pid: %d\n", pid); d->pid = pid; d->status = running; + + if (pledge("stdio rpath cpath proc", NULL) == -1) + exit(OPENFAILED_DISPLAY); + break; } } Index: session.c === RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v retrieving revision 1.12 diff -u -p -u -r1.12 session.c --- session.c 11 Jul 2018 20:28:41 - 1.12 +++ session.c 31 Oct 2018 15:15:49 - @@ -378,6 +378,10 @@ StartClient ( default: Debug ("StartSession, fork succeeded %d\n", pid); *pidp = pid; + + if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == -1) + exit(25); + return 1; } } - End forwarded message -
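Review bot: the "stdio rpath cpath proc" promise set in the dm.c hunk is too narrow for the display-restart path: the pledge is placed in the parent branch of StartDisplay (the branch that records d->pid = pid), so it binds the main xenodm process for every subsequent StartDisplay, while the rationale list above (rpath for xenodm-config, cpath for unlink(2) of d->authFile, proc for kill(2)) only accounts for the first start. A restart re-enters StartDisplay under this pledge and recreates the auth cookie and chown()s it to _x11, as Matthieu notes in his reply, which is not covered; either add the promises that path needs or move the pledge so the restart path is not affected, and comment that exit(OPENFAILED_DISPLAY) here ends the whole manager, since this is the parent.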
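Review bot: exit(25) in the session.c hunk is a bare magic number while the dm.c hunk uses the named OPENFAILED_DISPLAY for the same failure; use the appropriate named exit status (or define one) so the failure is identifiable in the code and in logs. A comment above the pledge line mapping each promise to the call that needs it (id for setuid(2), exec for /etc/X11/xenodm/TakeConsole, dns for sysctl(2), fattr for chmod(2) of d->authFile) would also keep the justification given in this mail from being lost once the diff is committed, given how wide the set is.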