On Wed, Jul 05, 2017 at 09:29:49AM +0100, Stuart Henderson wrote: > > The www/lynx port has execution of external programs disabled. However, > > trying to use features which spawn external programs just causes it to > > crash. > > If I understand correctly, it is not supposed to call external programs, > > but it also shouldn't just crash if you try to. > > > > Steps to reproduce (or at least one way): > > 1. Add 'DOWNLOADER:Open with feh:feh %s' to /etc/lynx.cfg (replace > > 'feh' with any image viewer). > > 2. Run 'lynx https://www.openbsd.org/images/rack2009-s.png' (for example) > > and press 'd' to download the image. > > 3. Choose 'Open with feh'; lynx will crash with 'Abort trap (core dumped)'.
> The lynx port uses pledge(7) to disallow certain operations, including > spawning another process. If those operations are attempted anyway, > it *is* supposed to crash. > > It would be a little nicer if the operation just failed rather than > crashing the process, however the end result would still be "can't > do what you want", so the simplest way to do that is to avoid setting > DOWNLOADER: to open the file. Agreed, the following diff should take care of that, it avoids parsing DOWNLOADER directives from lynx.cfg. While there I also did the same for the PRINTER directives, which are using the same scheme. As a side note, there is no need to explicitely disable parsing UPLOADER directives because we --disable-dired at configure time, nor EXTERNAL directives as we do not build with --enable-externs. Comments? OK? Index: Makefile =================================================================== RCS file: /cvs/ports/www/lynx/Makefile,v retrieving revision 1.34 diff -u -p -r1.34 Makefile --- Makefile 5 Jul 2017 22:04:11 -0000 1.34 +++ Makefile 6 Jul 2017 10:20:34 -0000 @@ -5,6 +5,7 @@ PL = 15 COMMENT = text web browser DISTNAME = lynx${V}dev.${PL} PKGNAME = lynx-${V}pl${PL} +REVISION = 0 EXTRACT_SUFX = .tar.bz2 CATEGORIES = www net Index: patches/patch-src_LYReadCFG_c =================================================================== RCS file: /cvs/ports/www/lynx/patches/patch-src_LYReadCFG_c,v retrieving revision 1.4 diff -u -p -r1.4 patch-src_LYReadCFG_c --- patches/patch-src_LYReadCFG_c 30 Apr 2017 12:08:32 -0000 1.4 +++ patches/patch-src_LYReadCFG_c 6 Jul 2017 10:20:34 -0000 @@ -1,7 +1,16 @@ $OpenBSD: patch-src_LYReadCFG_c,v 1.4 2017/04/30 12:08:32 fcambus Exp $ ---- src/LYReadCFG.c.orig Thu Nov 24 16:35:29 2016 -+++ src/LYReadCFG.c Sat Apr 29 11:09:38 2017 -@@ -1537,7 +1537,6 @@ static Config_Type Config_Table [] = +Index: src/LYReadCFG.c +--- src/LYReadCFG.c.orig ++++ src/LYReadCFG.c +@@ -1508,7 +1508,6 @@ static Config_Type Config_Table [] = + PARSE_FUN(RC_DISPLAY_CHARSET_CHOICE, parse_display_charset_choice), + #endif + PARSE_SET(RC_DONT_WRAP_PRE, dont_wrap_pre), +- PARSE_ADD(RC_DOWNLOADER, downloaders), + PARSE_SET(RC_EMACS_KEYS_ALWAYS_ON, emacs_keys), + PARSE_FUN(RC_ENABLE_LYNXRC, enable_lynxrc), + PARSE_SET(RC_ENABLE_SCROLLBACK, enable_scrollback), +@@ -1537,7 +1536,6 @@ static Config_Type Config_Table [] = #endif PARSE_Env(RC_FTP_PROXY, 0), PARSE_STR(RC_GLOBAL_EXTENSION_MAP, global_extension_map), @@ -9,7 +18,7 @@ $OpenBSD: patch-src_LYReadCFG_c,v 1.4 20 PARSE_Env(RC_GOPHER_PROXY, 0), PARSE_SET(RC_GOTOBUFFER, goto_buffer), PARSE_PRG(RC_GZIP_PATH, ppGZIP), -@@ -1655,7 +1654,6 @@ static Config_Type Config_Table [] = +@@ -1655,7 +1653,6 @@ static Config_Type Config_Table [] = PARSE_SET(RC_PERSISTENT_COOKIES, persistent_cookies), #endif /* USE_PERSISTENT_COOKIES */ PARSE_STR(RC_PERSONAL_EXTENSION_MAP, personal_extension_map), @@ -17,7 +26,15 @@ $OpenBSD: patch-src_LYReadCFG_c,v 1.4 20 PARSE_LST(RC_POSITIONABLE_EDITOR, positionable_editor), PARSE_STR(RC_PREFERRED_CHARSET, pref_charset), PARSE_ENU(RC_PREFERRED_ENCODING, LYAcceptEncoding, tbl_preferred_encoding), -@@ -1766,11 +1764,9 @@ static Config_Type Config_Table [] = +@@ -1668,7 +1665,6 @@ static Config_Type Config_Table [] = + PARSE_FUN(RC_PRETTYSRC_SPEC, psrcspec_fun), + PARSE_SET(RC_PRETTYSRC_VIEW_NO_ANCHOR_NUM, psrcview_no_anchor_numbering), + #endif +- PARSE_ADD(RC_PRINTER, printers), + PARSE_SET(RC_QUIT_DEFAULT_YES, LYQuitDefaultYes), + PARSE_INT(RC_READ_TIMEOUT, reading_timeout), + PARSE_FUN(RC_REFERER_WITH_QUERY, referer_with_query_fun), +@@ -1767,11 +1763,9 @@ static Config_Type Config_Table [] = PARSE_PRG(RC_UUDECODE_PATH, ppUUDECODE), PARSE_SET(RC_VERBOSE_IMAGES, verbose_img), PARSE_SET(RC_VI_KEYS_ALWAYS_ON, vi_keys),