subject:"pledge xenodm"

Re: pledge xenodm

2018-11-03 Thread trondd

On Sat, November 3, 2018 7:16 am, Ricardo Mestre wrote:
> prodded by deraadt@, here's a rebased diff on xenocara's source root
directory,
> usually /usr/xenocara.

I'm using DisplayManager*autoLogin in xenodm-config and starting xenodm as
desired (not at boot) and it logs me in the first time but after ending
the X session, when xenodm tries to reset it gets a:

xenodm[63122]: pledge "getpw", syscall 33

Turns out, though, this is kind of a bogus use case.  I'm trying to exit
X.  Having it log me right back in again is silly.  I like that it kills
xenodm.  That's actually what I want. :D

Tim.

Re: pledge xenodm

2018-11-03 Thread Ricardo Mestre

this is actually good, I made it as minimal as possible so that it
wouldn't break for me, if it breaks for you we can start from there.

On 13:41 Sat 03 Nov , Matthieu Herrb wrote:
> On Fri, Nov 02, 2018 at 07:03:11PM +, Ricardo Mestre wrote:
> > Hi,
> > 
> > Looking at pledging xenodm a little bit more I was able to run it with
> > the diff below across X restarts, with stock configuration.
> > 
> > Please test it, if you have special configs better since most likely
> > this will break it but we need to know where and why and with that maybe
> > trim xenodm's bloat.
> 
> Hi,
> 
> xenodm crashes if one logs out from the first session that was
> created.  the pldege() call in StartDisplay is too strict.
> 
> I've not had time to fully figure out if this can be fixed. Iirc I
> tried when I did the initial work on adding pledge to xenodm and it's
> not possible because of the code that creates the auth cookie and
> chown()s it to _x11.
> 
> I didn't have time yet to do a more serious testing of the session
> pledge. 
> 
> > 
> > DisplayManager:
> > rpath: open(2) /etc/X11/xenodm/xenodm-config
> > cpath: unlink(2) d->authFile
> > proc: kill(2)
> > 
> > Session:
> > rpath: open(2) /etc/fbtab
> > wpath/cpath: open(2) d->authFile
> > fattr: chmod(2) d->authFile
> > dns: sysctl(2) for name resolution
> > proc: kill(2)
> > exec: execve(2) /etc/X11/xenodm/TakeConsole
> > id: setuid(2)
> > 
> > Index: dm.c
> > ===
> > RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v
> > retrieving revision 1.6
> > diff -u -p -u -r1.6 dm.c
> > --- dm.c11 Jul 2018 16:57:04 -  1.6
> > +++ dm.c31 Oct 2018 15:15:49 -
> > @@ -604,6 +604,10 @@ StartDisplay (struct display *d)
> > Debug ("pid: %d\n", pid);
> > d->pid = pid;
> > d->status = running;
> > +
> > +   if (pledge("stdio rpath cpath proc", NULL) == -1)
> > +   exit(OPENFAILED_DISPLAY);
> > +
> > break;
> >  }
> >  }
> > Index: session.c
> > ===
> > RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v
> > retrieving revision 1.12
> > diff -u -p -u -r1.12 session.c
> > --- session.c   11 Jul 2018 20:28:41 -  1.12
> > +++ session.c   31 Oct 2018 15:15:49 -
> > @@ -378,6 +378,10 @@ StartClient (
> >  default:
> > Debug ("StartSession, fork succeeded %d\n", pid);
> > *pidp = pid;
> > +
> > +   if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == 
> > -1)
> > +   exit(25);
> > +
> > return 1;
> >  }
> >  }
> > 
> > - End forwarded message -
> 
> -- 
> Matthieu Herrb
>

Re: pledge xenodm

2018-11-03 Thread Matthieu Herrb

On Fri, Nov 02, 2018 at 07:03:11PM +, Ricardo Mestre wrote:
> Hi,
> 
> Looking at pledging xenodm a little bit more I was able to run it with
> the diff below across X restarts, with stock configuration.
> 
> Please test it, if you have special configs better since most likely
> this will break it but we need to know where and why and with that maybe
> trim xenodm's bloat.

Hi,

xenodm crashes if one logs out from the first session that was
created.  the pldege() call in StartDisplay is too strict.

I've not had time to fully figure out if this can be fixed. Iirc I
tried when I did the initial work on adding pledge to xenodm and it's
not possible because of the code that creates the auth cookie and
chown()s it to _x11.

I didn't have time yet to do a more serious testing of the session
pledge. 

> 
> DisplayManager:
> rpath: open(2) /etc/X11/xenodm/xenodm-config
> cpath: unlink(2) d->authFile
> proc: kill(2)
> 
> Session:
> rpath: open(2) /etc/fbtab
> wpath/cpath: open(2) d->authFile
> fattr: chmod(2) d->authFile
> dns: sysctl(2) for name resolution
> proc: kill(2)
> exec: execve(2) /etc/X11/xenodm/TakeConsole
> id: setuid(2)
> 
> Index: dm.c
> ===
> RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v
> retrieving revision 1.6
> diff -u -p -u -r1.6 dm.c
> --- dm.c  11 Jul 2018 16:57:04 -  1.6
> +++ dm.c  31 Oct 2018 15:15:49 -
> @@ -604,6 +604,10 @@ StartDisplay (struct display *d)
>   Debug ("pid: %d\n", pid);
>   d->pid = pid;
>   d->status = running;
> +
> + if (pledge("stdio rpath cpath proc", NULL) == -1)
> + exit(OPENFAILED_DISPLAY);
> +
>   break;
>  }
>  }
> Index: session.c
> ===
> RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v
> retrieving revision 1.12
> diff -u -p -u -r1.12 session.c
> --- session.c 11 Jul 2018 20:28:41 -  1.12
> +++ session.c 31 Oct 2018 15:15:49 -
> @@ -378,6 +378,10 @@ StartClient (
>  default:
>   Debug ("StartSession, fork succeeded %d\n", pid);
>   *pidp = pid;
> +
> + if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == 
> -1)
> + exit(25);
> +
>   return 1;
>  }
>  }
> 
> - End forwarded message -

-- 
Matthieu Herrb

Re: pledge xenodm

2018-11-03 Thread Ricardo Mestre

prodded by deraadt@, here's a rebased diff on xenocara's source root directory,
usually /usr/xenocara.

Index: app/xenodm/xenodm/dm.c
===
RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 dm.c
--- app/xenodm/xenodm/dm.c  11 Jul 2018 16:57:04 -  1.6
+++ app/xenodm/xenodm/dm.c  3 Nov 2018 11:10:06 -
@@ -604,6 +604,10 @@ StartDisplay (struct display *d)
Debug ("pid: %d\n", pid);
d->pid = pid;
d->status = running;
+
+   if (pledge("stdio rpath cpath proc", NULL) == -1)
+   exit(OPENFAILED_DISPLAY);
+
break;
 }
 }
Index: app/xenodm/xenodm/session.c
===
RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 session.c
--- app/xenodm/xenodm/session.c 11 Jul 2018 20:28:41 -  1.12
+++ app/xenodm/xenodm/session.c 3 Nov 2018 11:10:06 -
@@ -378,6 +378,10 @@ StartClient (
 default:
Debug ("StartSession, fork succeeded %d\n", pid);
*pidp = pid;
+
+   if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == 
-1)
+   exit(25);
+
return 1;
 }
 }

pledge xenodm

2018-11-02 Thread Ricardo Mestre

Hi,

Looking at pledging xenodm a little bit more I was able to run it with
the diff below across X restarts, with stock configuration.

Please test it, if you have special configs better since most likely
this will break it but we need to know where and why and with that maybe
trim xenodm's bloat.

DisplayManager:
rpath: open(2) /etc/X11/xenodm/xenodm-config
cpath: unlink(2) d->authFile
proc: kill(2)

Session:
rpath: open(2) /etc/fbtab
wpath/cpath: open(2) d->authFile
fattr: chmod(2) d->authFile
dns: sysctl(2) for name resolution
proc: kill(2)
exec: execve(2) /etc/X11/xenodm/TakeConsole
id: setuid(2)

Index: dm.c
===
RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 dm.c
--- dm.c11 Jul 2018 16:57:04 -  1.6
+++ dm.c31 Oct 2018 15:15:49 -
@@ -604,6 +604,10 @@ StartDisplay (struct display *d)
Debug ("pid: %d\n", pid);
d->pid = pid;
d->status = running;
+
+   if (pledge("stdio rpath cpath proc", NULL) == -1)
+   exit(OPENFAILED_DISPLAY);
+
break;
 }
 }
Index: session.c
===
RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 session.c
--- session.c   11 Jul 2018 20:28:41 -  1.12
+++ session.c   31 Oct 2018 15:15:49 -
@@ -378,6 +378,10 @@ StartClient (
 default:
Debug ("StartSession, fork succeeded %d\n", pid);
*pidp = pid;
+
+   if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == 
-1)
+   exit(25);
+
return 1;
 }
 }

- End forwarded message -

Re: pledge xenodm

Re: pledge xenodm

Re: pledge xenodm

Re: pledge xenodm

pledge xenodm

5 matches

Site Navigation

Mail list logo

Footer information