On Tue, Mar 01, 2016 at 08:40:10AM +0100, Theo Buehler wrote: > On Thu, Feb 04, 2016 at 12:53:56PM +0100, Theo Buehler wrote: > > > If you can just add comments to patches explaining why you do the > > > getenv(HOME) dance to avoid getpw in pledge for the next guy that > > > stumbles upon it.. > > > > Since that's my hack, I added a short explanation to the patch itself. > > I also added a comment to the Makefile to explain the -DNOUSERS option. > > > > ok? > > > > Here's a new version of the patch. The only change is in the Makefile > due to the recent update of MASTER_SITES. > > ok?
ping? > > Index: Makefile > =================================================================== > RCS file: /var/cvs/ports/www/lynx/Makefile,v > retrieving revision 1.23 > diff -u -p -r1.23 Makefile > --- Makefile 27 Feb 2016 22:46:10 -0000 1.23 > +++ Makefile 1 Mar 2016 07:08:54 -0000 > @@ -5,7 +5,7 @@ PL = 8 > COMMENT = text web browser > DISTNAME = lynx${V}dev.${PL} > PKGNAME = lynx-${V}pl${PL} > -REVISION = 1 > +REVISION = 2 > EXTRACT_SUFX = .tar.bz2 > CATEGORIES = www net > > @@ -16,6 +16,7 @@ MAINTAINER = Frederic Cambus <fred@statd > # GPLv2 only > PERMIT_PACKAGE_CDROM = Yes > > +# uses pledge() > WANTLIB += c crypto ncurses ssl z > > MASTER_SITES = http://lynx.invisible-island.net/current/ \ > @@ -26,11 +27,17 @@ CONFIGURE_STYLE = gnu > CONFIGURE_ARGS = --datarootdir="${PREFIX}/share/doc/lynx" \ > --disable-idna \ > --disable-nls \ > + --disable-bibp-urls \ > + --disable-dired \ > + --disable-finger \ > --enable-default-colors \ > --enable-ipv6 \ > --enable-widec \ > --with-ssl=/usr \ > --with-zlib > + > +# This disables most calls to getpw*(3) so we can avoid pledge "getpw". > +CONFIGURE_ENV = CFLAGS="-DNOUSERS" > > MAKE_FILE = makefile > > Index: patches/patch-lynx_man > =================================================================== > RCS file: patches/patch-lynx_man > diff -N patches/patch-lynx_man > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-lynx_man 4 Feb 2016 11:37:34 -0000 > @@ -0,0 +1,25 @@ > +$OpenBSD$ > +--- lynx.man.orig Thu Oct 8 02:19:45 2015 > ++++ lynx.man Thu Feb 4 12:37:28 2016 > +@@ -593,6 +593,21 @@ flushes the cache on a proxy server > + allows a list of services to be disabled selectively. > + Dashes and underscores in option names can be intermixed. > + The following list is printed if no options are specified. > ++.IP > ++On OpenBSD the following restrictions are always enabled: > ++\fBexec\fR, > ++\fBmail\fR, > ++and > ++\fBshell\fR. > ++Additionally, > ++\fBbibp-urls\fR, > ++\fBdired\fR, > ++\fBfinger\fR, > ++\fBrlogin\fR, > ++and > ++\fBtelnet \fR > ++features have been disabled entirely. > ++.IP > + .RS > + .TP 3 > + .B all > Index: patches/patch-src_LYMain_c > =================================================================== > RCS file: patches/patch-src_LYMain_c > diff -N patches/patch-src_LYMain_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_LYMain_c 4 Feb 2016 11:35:38 -0000 > @@ -0,0 +1,25 @@ > +$OpenBSD$ > +--- src/LYMain.c.orig Fri Dec 18 01:34:45 2015 > ++++ src/LYMain.c Wed Feb 3 19:50:41 2016 > +@@ -2142,6 +2142,21 @@ int main(int argc, > + } > + > + /* > ++ * Disabling features requiring 'proc' + 'exec' and calling pledge > ++ */ > ++ no_exec = TRUE; > ++ no_mail = TRUE; > ++ no_shell = TRUE; > ++ > ++ rlogin_ok = FALSE; > ++ telnet_ok = FALSE; > ++ > ++ if (pledge("stdio rpath wpath cpath fattr dns inet tty", NULL) == -1) { > ++ fprintf(stderr, "%s: pledge: %s\n", getprogname(), strerror(errno)); > ++ exit_immediately(EXIT_FAILURE); > ++ } > ++ > ++ /* > + * Here's where we do all the work. > + */ > + if (dump_output_immediately) { > Index: patches/patch-src_LYUtils_c > =================================================================== > RCS file: patches/patch-src_LYUtils_c > diff -N patches/patch-src_LYUtils_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_LYUtils_c 4 Feb 2016 11:52:22 -0000 > @@ -0,0 +1,24 @@ > +$OpenBSD$ > + > +Use getenv("HOME") to determine the home directory instead of using getpwuid > in > +order to avoid a "getpw" promise. This is the only location not covered by > the > +'-DNOUSERS' option in the Makefile. If HOME is unset, the fallback is /tmp, > so > +no breakage is to be expected from this. > + > +--- src/LYUtils.c.orig Sun Mar 22 16:38:23 2015 > ++++ src/LYUtils.c Sun Jan 31 07:49:03 2016 > +@@ -5253,10 +5253,11 @@ const char *Home_Dir(void) > + /* > + * One could use getlogin() and getpwnam() here instead. > + */ > +- struct passwd *pw = getpwuid(geteuid()); > ++ char *home; > + > +- if (pw && pw->pw_dir) { > +- StrAllocCopy(HomeDir, pw->pw_dir); > ++ home = getenv("HOME"); > ++ if (home && *home) { > ++ StrAllocCopy(HomeDir, home); > + } else > + #endif > + { >