[Fwd: [PATCH] pledge x11/wmii (and other ports?)]

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[Fwd: [PATCH] pledge x11/wmii (and other ports?)]

trondd-2
...And I meant for this to go to ports.  Sorry.

---------------------------- Original Message ----------------------------
Subject: [PATCH] pledge x11/wmii (and other ports?)
From:    [hidden email]
Date:    Sun, November 22, 2015 12:24 pm
To:      [hidden email]
--------------------------------------------------------------------------

I haven't seen much discussion about applying pledge to ports, so I
thought I'd
find out how people feel about it.

I chose to start with x11/wmii because
a) It's no longer officially developed so (other than updating the port to
the
last release) it's not going to change.
b) I might be the only one left who uses it.

I've been running it pledged since it was tame.

I can see downsides to this such as, ports maintainers not necessarily being
involved in the development of the port and having a lower understanding
of the
code as compared to OBSD developers with base code, or not having the ability
to reorganize or change the code in a way that improves it for pledge.

Tim.


Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/wmii/Makefile,v
retrieving revision 1.21
diff -u -p -r1.21 Makefile
--- Makefile    12 Nov 2015 09:59:41 -0000      1.21
+++ Makefile    20 Nov 2015 22:33:36 -0000
@@ -3,7 +3,7 @@
 COMMENT=       dynamic window manager
 DISTNAME=      wmii-3.6
-REVISION=      6
+REVISION=      7
 CATEGORIES=    x11
 HOMEPAGE=      http://wmii.suckless.org/
cvs server: Diffing patches
Index: patches/patch-cmd_wmii_main_c
===================================================================
RCS file: patches/patch-cmd_wmii_main_c
diff -N patches/patch-cmd_wmii_main_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-cmd_wmii_main_c       20 Nov 2015 22:33:36 -0000 @@ -0,0
+1,13 @@
+$OpenBSD$
+--- cmd/wmii/main.c.orig       Sun Oct 18 15:10:20 2015
++++ cmd/wmii/main.c    Sun Oct 18 15:10:33 2015
+@@ -408,6 +408,9 @@ main(int argc, char *argv[]) {
+       WinAttr wa;
+       int i;
+
++      if (pledge("stdio rpath cpath fattr unix proc exec prot_exec",
NULL) == -1)
++              err(1, "pledge");
++
+       fmtinstall('r', errfmt);
+       fmtinstall('C', Cfmt);
+
Index: patches/patch-cmd_wmiir_c
===================================================================
RCS file: patches/patch-cmd_wmiir_c
diff -N patches/patch-cmd_wmiir_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-cmd_wmiir_c   20 Nov 2015 22:33:36 -0000
@@ -0,0 +1,13 @@
+$OpenBSD$
+--- cmd/wmiir.c.orig   Sun Oct 18 15:09:57 2015
++++ cmd/wmiir.c        Sun Oct 18 15:10:44 2015
+@@ -312,6 +312,9 @@ main(int argc, char *argv[]) {
+       exectab *tab;
+       int ret;
+
++      if (pledge("stdio unix", NULL) == -1)
++              err(1, "pledge");
++
+       fmtinstall('r', errfmt);
+
+       address = getenv("WMII_ADDRESS");


Reply | Threaded
Open this post in threaded view
|

Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]

Joerg Jung
On Sun, Nov 22, 2015 at 12:38:22PM -0500, trondd wrote:

> ...And I meant for this to go to ports.  Sorry.
>
> ---------------------------- Original Message ----------------------------
> Subject: [PATCH] pledge x11/wmii (and other ports?)
> From:    [hidden email]
> Date:    Sun, November 22, 2015 12:24 pm
> To:      [hidden email]
> --------------------------------------------------------------------------
>
> I haven't seen much discussion about applying pledge to ports, so I
> thought I'd
> find out how people feel about it.

I like it.
 
> I chose to start with x11/wmii because
> a) It's no longer officially developed so (other than updating the port to
> the
> last release) it's not going to change.
> b) I might be the only one left who uses it.

Yes.  I'm pretty sure you are ;)

However, I would consider github sunaku/wmii the "new" upstream, so
maybe try to push the patches there as and gently ask for release.

> I've been running it pledged since it was tame.
>
> I can see downsides to this such as, ports maintainers not necessarily being
> involved in the development of the port and having a lower understanding
> of the
> code as compared to OBSD developers with base code, or not having the ability
> to reorganize or change the code in a way that improves it for pledge.
>
> Tim.
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/x11/wmii/Makefile,v
> retrieving revision 1.21
> diff -u -p -r1.21 Makefile
> --- Makefile    12 Nov 2015 09:59:41 -0000      1.21
> +++ Makefile    20 Nov 2015 22:33:36 -0000
> @@ -3,7 +3,7 @@
>  COMMENT=       dynamic window manager
>  DISTNAME=      wmii-3.6
> -REVISION=      6
> +REVISION=      7
>  CATEGORIES=    x11
>  HOMEPAGE=      http://wmii.suckless.org/
> cvs server: Diffing patches
> Index: patches/patch-cmd_wmii_main_c
> ===================================================================
> RCS file: patches/patch-cmd_wmii_main_c
> diff -N patches/patch-cmd_wmii_main_c
> --- /dev/null   1 Jan 1970 00:00:00 -0000
> +++ patches/patch-cmd_wmii_main_c       20 Nov 2015 22:33:36 -0000 @@ -0,0
> +1,13 @@
> +$OpenBSD$
> +--- cmd/wmii/main.c.orig       Sun Oct 18 15:10:20 2015
> ++++ cmd/wmii/main.c    Sun Oct 18 15:10:33 2015
> +@@ -408,6 +408,9 @@ main(int argc, char *argv[]) {
> +       WinAttr wa;
> +       int i;
> +
> ++      if (pledge("stdio rpath cpath fattr unix proc exec prot_exec",
> NULL) == -1)
> ++              err(1, "pledge");
> ++
> +       fmtinstall('r', errfmt);
> +       fmtinstall('C', Cfmt);
> +
> Index: patches/patch-cmd_wmiir_c
> ===================================================================
> RCS file: patches/patch-cmd_wmiir_c
> diff -N patches/patch-cmd_wmiir_c
> --- /dev/null   1 Jan 1970 00:00:00 -0000
> +++ patches/patch-cmd_wmiir_c   20 Nov 2015 22:33:36 -0000
> @@ -0,0 +1,13 @@
> +$OpenBSD$
> +--- cmd/wmiir.c.orig   Sun Oct 18 15:09:57 2015
> ++++ cmd/wmiir.c        Sun Oct 18 15:10:44 2015
> +@@ -312,6 +312,9 @@ main(int argc, char *argv[]) {
> +       exectab *tab;
> +       int ret;
> +
> ++      if (pledge("stdio unix", NULL) == -1)
> ++              err(1, "pledge");
> ++
> +       fmtinstall('r', errfmt);
> +
> +       address = getenv("WMII_ADDRESS");
>
>

Reply | Threaded
Open this post in threaded view
|

Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]

Theo de Raadt
That diff is completely wrong.

The addition of "prot_exec" to a pledge should result in some
significant questions.

You can't pledge a program if you don't understand what it is doing,
and why.

Misapplication of pledge like this will result in a nightmare.

> On Sun, Nov 22, 2015 at 12:38:22PM -0500, trondd wrote:
> > ...And I meant for this to go to ports.  Sorry.
> >
> > ---------------------------- Original Message ----------------------------
> > Subject: [PATCH] pledge x11/wmii (and other ports?)
> > From:    [hidden email]
> > Date:    Sun, November 22, 2015 12:24 pm
> > To:      [hidden email]
> > --------------------------------------------------------------------------
> >
> > I haven't seen much discussion about applying pledge to ports, so I
> > thought I'd
> > find out how people feel about it.
>
> I like it.
>  
> > I chose to start with x11/wmii because
> > a) It's no longer officially developed so (other than updating the port to
> > the
> > last release) it's not going to change.
> > b) I might be the only one left who uses it.
>
> Yes.  I'm pretty sure you are ;)
>
> However, I would consider github sunaku/wmii the "new" upstream, so
> maybe try to push the patches there as and gently ask for release.
>
> > I've been running it pledged since it was tame.
> >
> > I can see downsides to this such as, ports maintainers not necessarily being
> > involved in the development of the port and having a lower understanding
> > of the
> > code as compared to OBSD developers with base code, or not having the ability
> > to reorganize or change the code in a way that improves it for pledge.
> >
> > Tim.
> >
> >
> > Index: Makefile
> > ===================================================================
> > RCS file: /cvs/ports/x11/wmii/Makefile,v
> > retrieving revision 1.21
> > diff -u -p -r1.21 Makefile
> > --- Makefile    12 Nov 2015 09:59:41 -0000      1.21
> > +++ Makefile    20 Nov 2015 22:33:36 -0000
> > @@ -3,7 +3,7 @@
> >  COMMENT=       dynamic window manager
> >  DISTNAME=      wmii-3.6
> > -REVISION=      6
> > +REVISION=      7
> >  CATEGORIES=    x11
> >  HOMEPAGE=      http://wmii.suckless.org/
> > cvs server: Diffing patches
> > Index: patches/patch-cmd_wmii_main_c
> > ===================================================================
> > RCS file: patches/patch-cmd_wmii_main_c
> > diff -N patches/patch-cmd_wmii_main_c
> > --- /dev/null   1 Jan 1970 00:00:00 -0000
> > +++ patches/patch-cmd_wmii_main_c       20 Nov 2015 22:33:36 -0000 @@ -0,0
> > +1,13 @@
> > +$OpenBSD$
> > +--- cmd/wmii/main.c.orig       Sun Oct 18 15:10:20 2015
> > ++++ cmd/wmii/main.c    Sun Oct 18 15:10:33 2015
> > +@@ -408,6 +408,9 @@ main(int argc, char *argv[]) {
> > +       WinAttr wa;
> > +       int i;
> > +
> > ++      if (pledge("stdio rpath cpath fattr unix proc exec prot_exec",
> > NULL) == -1)
> > ++              err(1, "pledge");
> > ++
> > +       fmtinstall('r', errfmt);
> > +       fmtinstall('C', Cfmt);
> > +
> > Index: patches/patch-cmd_wmiir_c
> > ===================================================================
> > RCS file: patches/patch-cmd_wmiir_c
> > diff -N patches/patch-cmd_wmiir_c
> > --- /dev/null   1 Jan 1970 00:00:00 -0000
> > +++ patches/patch-cmd_wmiir_c   20 Nov 2015 22:33:36 -0000
> > @@ -0,0 +1,13 @@
> > +$OpenBSD$
> > +--- cmd/wmiir.c.orig   Sun Oct 18 15:09:57 2015
> > ++++ cmd/wmiir.c        Sun Oct 18 15:10:44 2015
> > +@@ -312,6 +312,9 @@ main(int argc, char *argv[]) {
> > +       exectab *tab;
> > +       int ret;
> > +
> > ++      if (pledge("stdio unix", NULL) == -1)
> > ++              err(1, "pledge");
> > ++
> > +       fmtinstall('r', errfmt);
> > +
> > +       address = getenv("WMII_ADDRESS");
> >
> >
>

Reply | Threaded
Open this post in threaded view
|

Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]

trondd-2
On Sun, November 22, 2015 4:23 pm, Theo de Raadt wrote:

> That diff is completely wrong.
>
> The addition of "prot_exec" to a pledge should result in some
> significant questions.
>
> You can't pledge a program if you don't understand what it is doing,
> and why.
>
> Misapplication of pledge like this will result in a nightmare.
>
>
>> > I haven't seen much discussion about applying pledge to ports, so I
>> > thought I'd
>> > find out how people feel about it.
>>

So I'm reading that as "Yes, but only if you know what you're doing."

>> > I can see downsides to this such as, ports maintainers not necessarily
>> being
>> > involved in the development of the port and having a lower
>> understanding
>> > of the
>> > code as compared to OBSD developers with base code

I guess I fell into my own caveat.  Also, thanks for the additional
pointers off-list.

Tim.

Reply | Threaded
Open this post in threaded view
|

Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]

Theo de Raadt
> So I'm reading that as "Yes, but only if you know what you're doing."

You can't just pick pledges; you also have to put them in the right
place.

You have the wrong pledge arguments, because you are calling pledge
at the wrong place.

Reply | Threaded
Open this post in threaded view
|

Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]

trondd-2
On Sun, November 22, 2015 7:43 pm, Theo de Raadt wrote:
>> So I'm reading that as "Yes, but only if you know what you're doing."
>
> You can't just pick pledges; you also have to put them in the right
> place.
>
> You have the wrong pledge arguments, because you are calling pledge
> at the wrong place.
>

One mistake I made...  Was that I wanted pledge as soon as possible, and
forgot the init/main program structure that pledge is designed to work
*with*.  Then I didn't question the results.  Well, that's a benefit of
putting it out there.  I can learn.  And hopefully others do, too.

Tim.

Reply | Threaded
Open this post in threaded view
|

Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]

Theo de Raadt
> One mistake I made...  Was that I wanted pledge as soon as possible, and
> forgot the init/main program structure that pledge is designed to work
> *with*.  Then I didn't question the results.  Well, that's a benefit of
> putting it out there.  I can learn.  And hopefully others do, too.

"pledge as soon as possible" is a design mistake.

The source tree is full of examples showing that this won't work;
less than half of them pledge at the start.

Reply | Threaded
Open this post in threaded view
|

Re: [Fwd: [PATCH] pledge x11/wmii (and other ports?)]

Christian Weisgerber
In reply to this post by trondd-2
On 2015-11-22, "trondd" <[hidden email]> wrote:

> I haven't seen much discussion about applying pledge to ports, so I
> thought I'd
> find out how people feel about it.

Reluctant. Very reluctant.

You may remember that by and large we stopped adding strl* patches
to ports, because they become a maintenance burden when not accepted
upstream and there is a real risk of introducing bugs.

I am very worried about people sprinkling pledge() over ports with
the result that programs die with pledge violations when a user
runs the program slightly differently than the maintainer.  We have
added pledge() to a few popular decompressors because these are a
potential attack vector against the package building machines, and
it took sthen@ and me three attempts to get right an ostensibly
simple program like xz.

--
Christian "naddy" Weisgerber                          [hidden email]