Updated diff: Added proc to the pledge list to deal with the system() in html.c.
I missed system() as it's not mentioned in the man page for pledge(2).
Including a second diff to add system() to the man page.
I wrote a script to test out different combinations of command line options.
I went through the output of nm, readelf and the source code.

steve

On Sun, Apr 24, 2016 at 12:36 AM, Sebastien Marie <sema...@openbsd.org> wrote:
> On Sat, Apr 23, 2016 at 08:40:55PM +0200, David Dahlberg wrote:
>>
>> Attached is a patch that has a first pledge after setlocale, and a
>> second call the command line parsing, which removes write access.
>
> for me, the first pledge call is superfluous: it didn't really add gain
> to the program.
>
> pledging ports should be kept simple diffs: it will be more simple later
> for merging with port updates (because all the checks should be redone
> in case of feature additions or changes...)
>
>> I bid somebody with better C skills in using debuggers and reading
>> symbols than me to check, whether this should be sufficient. Steve,
>> didn't you volunteer? ;-)
>
> I already pointed system(3) call in html.c (requiring "proc exec").
>
> $ tree -R -L 2 -H .
> Abort trap (core dumped)
>
> the system(3) call occurs with the combination of these 3 options. It is
> why dynamic approach is really hard to be exhaustive.
>
>
> Please don't send patches if you aren't confident in your pledge
> promises: devs will not have time to check and review all the code to be
> sure that promises you pledge are good.
>
> Consider also that once bad promises are committed, the port could
> become unusable for other users, and the problem could be more
> important if it isn't caught in -current and bad promises go to
> -stable (more work for devs). And users of the port will be angry about
> pledge(2) and you.
> --
> Sebastien Marie
>
Index: patches/patch-tree_c =================================================================== RCS file: patches/patch-tree_c diff -N patches/patch-tree_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-tree_c 27 Apr 2016 05:47:44 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ +--- tree.c.orig Wed Apr 23 14:38:24 2014 ++++ tree.c Sun Apr 24 22:31:03 2016 +@@ -103,6 +103,11 @@ int main(int argc, char **argv) + dirs[0] = 0; + Level = -1; + ++ if (pledge("stdio rpath cpath wpath proc", NULL) == -1){ ++ fprintf(stderr, "%s: pledge\n", argv[0]); ++ exit(1); ++ } ++ + setlocale(LC_CTYPE, ""); + setlocale(LC_COLLATE, ""); +
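Review bot: the promise string in the added pledge() call in main() is "stdio rpath cpath wpath proc", but the reply quoted above says the system(3) call in html.c requires "proc exec". system(3) forks and then executes the shell, so with "proc" alone the fork is allowed and the exec is still a violation: the `tree -R -L 2 -H .` case from the review would be expected to abort again. Add "exec" to the promises and re-run that exact invocation before resending. A smaller point on the same lines: the error path prints only "%s: pledge" without the errno text; err(1, "pledge") is the usual form and reports why the call failed.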
Index: pledge.2 =================================================================== RCS file: /cvs/src/lib/libc/sys/pledge.2,v retrieving revision 1.32 diff -u -p -r1.32 pledge.2 --- pledge.2 13 Apr 2016 14:24:30 -0000 1.32 +++ pledge.2 27 Apr 2016 03:20:10 -0000 @@ -438,7 +438,8 @@ Allows the following process relationshi .Xr setpriority 2 , .Xr setrlimit 2 , .Xr setpgid 2 , -.Xr setsid 2 . +.Xr setsid 2 , +.Xr system 3 . .It Va "exec" Allows a process to call .Xr execve 2 .
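Review bot: the added `.Xr system 3` line puts a section 3 library function at the end of a list of section 2 system calls under "proc", which reads as if "proc" alone is enough to call system(3). The thread above states that the call needs "proc exec", and the "exec" item immediately below this hunk is where execve(2) is permitted. Rather than extending the syscall list, keep `.Xr setsid 2 .` as the last entry and add a separate sentence stating that system(3) requires both the "proc" and "exec" promises.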