On Sun, Feb 24, 2019 at 10:44:25AM -0500, Todd Mortimer wrote:
> A few weeks ago I noticed that firefox tabs were getting killed for
> running afoul of pledge(2). It seems that the problem was some calls to
> shmget(2) from the X swrast_dri.so lib that seem to have come from the
> new mesa code that was recently imported. Since the shm syscalls aren't
> covered by any pledge the system was killing the firefox tabs when they
> called into X and X went down this code path.
>
> The shm calls are guarded by a #ifdef, so the patch below just
> modifies the conditions so OpenBSD does not include the shm function and
> falls back to ordinary malloc. With this patch my firefox works again.
>
> The alternative is to add shm to pledge(2) somewhere. I expect that
> adding a syscall to pledge for a single program is unwanted, but in this
> case it would be for any program using X with this DRI module. A quick
> check in xenocara finds a small number of other references to the shm
> functions (lib/libXvMC/src/XvMC.c, lib/xcb-util-image/), but I don't
> know if we use these.

Thanks for looking into this, and nice findings!

There has been some discussion to add an 'shm' pledge class, but no real usage surfaced so far, and the usual stance was to neuter the shmget calls so that fallback codepaths were used, like in https://bugzilla.mozilla.org/show_bug.cgi?id=1457092 - maybe there are more in other programs... but there would have been a lot of pledge reports if so.
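
The compile-time guard discussed in this thread, sketched as an added example; it is not part of the thread and not the actual mesa patch. `USE_SYSV_SHM`, `struct img_buf` and the two functions are hypothetical names; only `__OpenBSD__` and the shm/malloc calls are real.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

/* Hypothetical feature macro: SysV shm is compiled in everywhere except
 * OpenBSD, where the shm syscalls are not covered by any pledge(2) promise
 * and calling them from a pledged process gets it killed. */
#if !defined(__OpenBSD__)
#define USE_SYSV_SHM 1
#endif

struct img_buf { void *data; size_t size; int shmid; /* -1: heap-backed */ };

/* Allocate a zeroed image buffer. Returns 0 on success, -1 on failure. */
int img_buf_alloc(struct img_buf *b, size_t size)
{
    b->data = NULL; b->size = size; b->shmid = -1;
#ifdef USE_SYSV_SHM
    int id = shmget(IPC_PRIVATE, size, IPC_CREAT | 0600);
    if (id != -1) {
        void *p = shmat(id, NULL, 0);
        shmctl(id, IPC_RMID, NULL);  /* destroyed on last detach, no leak */
        if (p != (void *)-1) { b->data = p; b->shmid = id; return 0; }
    }
#endif
    /* Only path on OpenBSD; runtime fallback elsewhere if shm is refused. */
    b->data = calloc(1, size);
    return b->data ? 0 : -1;
}

void img_buf_free(struct img_buf *b)
{
#ifdef USE_SYSV_SHM
    if (b->shmid != -1) shmdt(b->data); else
#endif
    free(b->data);
    b->data = NULL; b->shmid = -1;
}

int main(void)
{
    struct img_buf b;
    if (img_buf_alloc(&b, 4096) != 0) return 1;
    printf("backing: %s\n", b.shmid != -1 ? "sysv shm" : "heap");
    img_buf_free(&b);
    return 0;
}
```

Because the guard is resolved by the preprocessor, the OpenBSD build contains no shmget(2) call on this path at all, so the process stays inside its pledge without any new promise being added.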
