On Sat, Apr 23, 2016 at 03:29:33PM +0200, David Dahlberg wrote:
> On Friday, 22.04.2016, 11:07 +0200, David Dahlberg wrote:
> > On Friday, 22.04.2016, 09:52 +0100, Stuart Henderson wrote:
> > > >  MAINTAINER =   David Dahlberg <david+bsd@dahlberg.cologne>
> > > And please CC maintainer for ports diffs, thank you :)
> > I have seen it. Will have a deeper look at it over the week-end.
> 
> Did some style changes and added "getpw" to pledge for getgrgid(3) etc.
> BTW, how do I cvs diff over new files?

1. cp file{,.orig}
2. edit file, and save
3. cd /usr/ports/.../ && make update-patches

> $OpenBSD$
> --- tree.c.orig       Sat Apr 23 14:04:39 2016
> +++ tree.c    Sat Apr 23 14:05:33 2016
> @@ -103,6 +103,11 @@ int main(int argc, char **argv)
>    dirs[0] = 0;
>    Level = -1;
>  
> +  if (pledge("stdio rpath getpw", NULL) == -1){
> +    fprintf(stderr, "%s: pledge\n", argv[0]);
> +    exit(1);
> +  }
> +
>    setlocale(LC_CTYPE, "");
>    setlocale(LC_COLLATE, "");
>  
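Review bot: The pledge("stdio rpath getpw", NULL) call is placed ahead of the two setlocale() calls that follow it in main(); the restriction should be applied after initialisation, so move the block below them. With only "stdio rpath getpw" promised, any later code path that opens a file for writing (needs "wpath cpath") or spawns a command (needs "proc exec") will abort the process, so the promise set should be checked against every option the program accepts. The failure branch also prints a fixed string without errno; err(1, "pledge") would report the cause.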

The common idiom is to place pledge(2) at least after setlocale().

I looked very quickly at tree.c code. I saw:
  - tree.c : outfile = fopen(outfilename,"w");
  - html.c : system(hcmd);

So I think the pledge promises are incomplete and/or the pledge call is
misplaced.

$ tree -o test
Abort trap (core dumped)


I will try to (re?)present different ways to efficiently add pledge to a
program:

  - static approach from code: read all the code and understand it. It is
    the most efficient way, but it could also take a lot of time.

  - static approach from binary: read the list of symbols and libraries
    the program will need. It is only a partial view as it will not
    differentiate between fopen("foo", "r") and fopen("foo", "w")
    for example, nor differentiate between syscalls before pledge(2)
    and after.

    But it could permit quickly checking whether the first method was
    exhaustive or not.

    libraries: readelf -d foo | grep NEED
    symbols: nm foo | grep U

  - dynamic approach: the easiest, but also the most error prone :)
    find the place to add pledge(2) (after initialisation), add a
    minimal pledge call, and try to run the program...

    it is error prone as you have to reach every code path from the
    command-line: so testing all options, all configuration options (and
    combinations of them).

    eventually, the message from the kernel is partial: when you need "tty",
    the kernel will report "ioctl" as "tty" is a subset of "ioctl".

The best is a mix of all these methods :)
-- 
Sebastien Marie
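
The static check from the binary described in the message above, as an added example that is not part of the original mail: it maps undefined symbols in `nm` output to candidate pledge(2) promises and flags the ones the symbol list cannot settle. The symbol table and the sample `nm` output are constructed for illustration and are assumptions, not a complete mapping.

```shell
#!/bin/sh
# Added example: turn `nm` output into a first guess at pledge(2) promises.
# The hint table is a small illustrative assumption; extend it per program.

# Read `nm` output on stdin; print "symbol<TAB>promises<TAB>note" for each
# undefined (U) symbol that appears in the hint table.
pledge_hints() {
    awk '
    BEGIN {
        hint["fopen"]    = "rpath wpath cpath"; ambiguous["fopen"] = 1
        hint["open"]     = "rpath wpath cpath"; ambiguous["open"]  = 1
        hint["opendir"]  = "rpath"
        hint["system"]   = "proc exec"
        hint["getpwuid"] = "getpw"
        hint["getgrgid"] = "getpw"
    }
    NF >= 2 && $(NF-1) == "U" {
        sym = $NF
        sub(/@.*/, "", sym)          # drop symbol-version suffixes if present
        if (sym in hint) {
            # nm cannot tell fopen(..., "r") from fopen(..., "w")
            note = (sym in ambiguous) ? "check open mode in source" : "-"
            printf "%s\t%s\t%s\n", sym, hint[sym], note
        }
    }'
}

# Union of all candidate promises (upper bound), always including stdio.
candidate_promises() {
    { echo stdio; pledge_hints | cut -f2 | tr ' ' '\n'; } |
        LC_ALL=C sort -u | paste -sd ' ' -
}

# Constructed sample of `nm` output for a tree-like program.
sample_nm() {
    cat <<'EOF'
                 U fopen
                 U getgrgid
                 U getpwuid
                 U opendir
                 U setlocale
                 U system
0000000000001a40 T main
EOF
}

sample_nm | pledge_hints
sample_nm | candidate_promises
```

On a real binary, feed it with `nm foo | pledge_hints`; the result is an upper bound to compare against the promises chosen from reading the code, not a replacement for that reading.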