Re: Adding pledge() to www/lynx

Sat, 12 Mar 2016 00:32:00 -0800 

On Tue, Mar 01, 2016 at 08:40:10AM +0100, Theo Buehler wrote:
> On Thu, Feb 04, 2016 at 12:53:56PM +0100, Theo Buehler wrote:
> > > If you can just add comments to patches explaining why you do the
> > > getenv(HOME) dance to avoid getpw in pledge for the next guy that
> > > stumbles upon it..
> > 
> > Since that's my hack, I added a short explanation to the patch itself.
> > I also added a comment to the Makefile to explain the -DNOUSERS option.
> > 
> > ok?
> > 
> 
> Here's a new version of the patch. The only change is in the Makefile
> due to the recent update of MASTER_SITES.
> 
> ok?

ping?

> 
> Index: Makefile
> ===================================================================
> RCS file: /var/cvs/ports/www/lynx/Makefile,v
> retrieving revision 1.23
> diff -u -p -r1.23 Makefile
> --- Makefile  27 Feb 2016 22:46:10 -0000      1.23
> +++ Makefile  1 Mar 2016 07:08:54 -0000
> @@ -5,7 +5,7 @@ PL =          8
>  COMMENT =    text web browser
>  DISTNAME =   lynx${V}dev.${PL}
>  PKGNAME =    lynx-${V}pl${PL}
> -REVISION =   1
> +REVISION =   2
>  EXTRACT_SUFX =       .tar.bz2
>  CATEGORIES = www net
>  
> @@ -16,6 +16,7 @@ MAINTAINER =        Frederic Cambus <fred@statd
>  # GPLv2 only
>  PERMIT_PACKAGE_CDROM =       Yes
>  
> +# uses pledge()
>  WANTLIB += c crypto ncurses ssl z
>  
>  MASTER_SITES =       http://lynx.invisible-island.net/current/ \
> @@ -26,11 +27,17 @@ CONFIGURE_STYLE = gnu
>  CONFIGURE_ARGS =     --datarootdir="${PREFIX}/share/doc/lynx" \
>                       --disable-idna \
>                       --disable-nls \
> +                     --disable-bibp-urls \
> +                     --disable-dired \
> +                     --disable-finger \
>                       --enable-default-colors \
>                       --enable-ipv6 \
>                       --enable-widec \
>                       --with-ssl=/usr \
>                       --with-zlib
> +
> +# This disables most calls to getpw*(3) so we can avoid pledge "getpw".
> +CONFIGURE_ENV =      CFLAGS="-DNOUSERS"
>  
>  MAKE_FILE =  makefile
>  
> Index: patches/patch-lynx_man
> ===================================================================
> RCS file: patches/patch-lynx_man
> diff -N patches/patch-lynx_man
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-lynx_man    4 Feb 2016 11:37:34 -0000
> @@ -0,0 +1,25 @@
> +$OpenBSD$
> +--- lynx.man.orig    Thu Oct  8 02:19:45 2015
> ++++ lynx.man Thu Feb  4 12:37:28 2016
> +@@ -593,6 +593,21 @@ flushes the cache on a proxy server
> + allows a list of services to be disabled selectively.
> + Dashes and underscores in option names can be intermixed.
> + The following list is printed if no options are specified.
> ++.IP
> ++On OpenBSD the following restrictions are always enabled:
> ++\fBexec\fR,
> ++\fBmail\fR,
> ++and
> ++\fBshell\fR.
> ++Additionally,
> ++\fBbibp-urls\fR,
> ++\fBdired\fR,
> ++\fBfinger\fR,
> ++\fBrlogin\fR,
> ++and
> ++\fBtelnet \fR
> ++features have been disabled entirely.
> ++.IP
> + .RS
> + .TP 3
> + .B all
> Index: patches/patch-src_LYMain_c
> ===================================================================
> RCS file: patches/patch-src_LYMain_c
> diff -N patches/patch-src_LYMain_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_LYMain_c        4 Feb 2016 11:35:38 -0000
> @@ -0,0 +1,25 @@
> +$OpenBSD$
> +--- src/LYMain.c.orig        Fri Dec 18 01:34:45 2015
> ++++ src/LYMain.c     Wed Feb  3 19:50:41 2016
> +@@ -2142,6 +2142,21 @@ int main(int argc,
> +     }
> + 
> +     /*
> ++     * Disabling features requiring 'proc' + 'exec' and calling pledge
> ++     */
> ++    no_exec = TRUE;
> ++    no_mail = TRUE;
> ++    no_shell = TRUE;
> ++
> ++    rlogin_ok = FALSE;
> ++    telnet_ok = FALSE;
> ++
> ++    if (pledge("stdio rpath wpath cpath fattr dns inet tty", NULL) == -1) {
> ++    fprintf(stderr, "%s: pledge: %s\n", getprogname(), strerror(errno));
> ++    exit_immediately(EXIT_FAILURE);
> ++    }
> ++
> ++    /*
> +      * Here's where we do all the work.
> +      */
> +     if (dump_output_immediately) {
> Index: patches/patch-src_LYUtils_c
> ===================================================================
> RCS file: patches/patch-src_LYUtils_c
> diff -N patches/patch-src_LYUtils_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_LYUtils_c       4 Feb 2016 11:52:22 -0000
> @@ -0,0 +1,24 @@
> +$OpenBSD$
> +
> +Use getenv("HOME") to determine the home directory instead of using getpwuid 
> in
> +order to avoid a "getpw" promise.  This is the only location not covered by 
> the
> +'-DNOUSERS' option in the Makefile.  If HOME is unset, the fallback is /tmp, 
> so
> +no breakage is to be expected from this.
> +
> +--- src/LYUtils.c.orig       Sun Mar 22 16:38:23 2015
> ++++ src/LYUtils.c    Sun Jan 31 07:49:03 2016
> +@@ -5253,10 +5253,11 @@ const char *Home_Dir(void)
> +         /*
> +          * One could use getlogin() and getpwnam() here instead.
> +          */
> +-        struct passwd *pw = getpwuid(geteuid());
> ++        char *home;
> + 
> +-        if (pw && pw->pw_dir) {
> +-            StrAllocCopy(HomeDir, pw->pw_dir);
> ++        home = getenv("HOME");
> ++        if (home && *home) {
> ++            StrAllocCopy(HomeDir, home);
> +         } else
> + #endif
> +         {
>

Reply via email to