Re: add pledge and unveil to net/irssi

Fri, 07 Jun 2019 14:41:41 -0700 

On Fri, Jun 07, 2019 at 07:25:45PM +0100, Stuart Henderson wrote:
> On 2019/06/07 19:05, Solene Rapenne wrote:
> > Hi,
> > 
> > This is a first draft to add pledge and unveil to net/irssi.
> > 
> > About the Makefile, I added PORTHOME=${WRKDIST} so "make test" run with
> > 100% of success.
> > 
> > The current implementation of pledge/unveil is under a #ifdef
> > HAVE_PLEDGE so I defined it there.
> 
> Nothing is calling pledge_init (I noticed because there's no "p" flag
> showing in ps, and to be honest also because it didn't crash like I was
> expecting it to with my configuration ;-)

one patch was missing :(

full patch below, I reapplied it on a fresh net/irssi folder and I can
see the "p" state in ps

The security features can be disabled (a bit of work is required to
disable the pledge in net-nonblock.c (you should already have it enabled
when you were connected)) so people requiring plugins not working can
still use irssi in the current state. /bin/ , /usr/bin/ and
/usr/local/bin could be added to unveil I think. My main goal was to
prevent irssi to write scripts and exec them, with the current unveil
from this patch, irssi can't write under ~/.irssi/scripts but can exec
them.


Index: Makefile
===================================================================
RCS file: /data/cvs/ports/net/irssi/Makefile,v
retrieving revision 1.79
diff -u -p -r1.79 Makefile
--- Makefile    18 Feb 2019 18:35:57 -0000      1.79
+++ Makefile    7 Jun 2019 16:53:15 -0000
@@ -5,6 +5,7 @@ COMMENT =       modular IRC client with many f
 V =            1.2.0
 DISTNAME =     irssi-$V
 PKGSPEC =      irssi-=$V
+REVISION =     0
 
 CATEGORIES =   net
 
@@ -15,6 +16,7 @@ MAINTAINER =  Klemens Nanni <kn@openbsd.o
 # GPLv2+
 PERMIT_PACKAGE_CDROM = Yes
 
+# use pledge()
 WANTLIB +=     c crypto curses gcrypt glib-2.0 gmodule-2.0 gpg-error \
                iconv intl m otr pcre perl pthread ssl
 
@@ -44,6 +46,12 @@ CONFIGURE_ARGS +=    --with-socks
 LIB_DEPENDS +=         security/dante
 WANTLIB +=             socks
 .endif
+
+# required for 100% tests to pass
+PORTHOME=              ${WRKDIST}
+
+# required to enable pledge/unveil
+CFLAGS+=               -DHAVE_PLEDGE=y
 
 MAKE_FLAGS =   scriptdir="${SYSCONFDIR}/irssi/scripts" \
                themedir="${SYSCONFDIR}/irssi/themes"
Index: patches/patch-src_core_net-nonblock_c
===================================================================
RCS file: patches/patch-src_core_net-nonblock_c
diff -N patches/patch-src_core_net-nonblock_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_core_net-nonblock_c       7 Jun 2019 16:38:59 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Index: src/core/net-nonblock.c
+--- src/core/net-nonblock.c.orig
++++ src/core/net-nonblock.c
+@@ -60,6 +60,11 @@ int net_gethostbyname_nonblock(const char *addr, GIOCh
+                         "Using blocking resolving");
+       }
+ 
++#ifdef HAVE_PLEDGE
++    if (pledge("dns inet stdio",NULL) == -1)
++    { printf("Error pledge non-block\n"); exit(1); }
++#endif
++
+       /* child */
+       srand(time(NULL));
+ 
Index: patches/patch-src_fe-common_core_fe-common-core_c
===================================================================
RCS file: patches/patch-src_fe-common_core_fe-common-core_c
diff -N patches/patch-src_fe-common_core_fe-common-core_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_fe-common_core_fe-common-core_c   7 Jun 2019 16:34:14 
-0000
@@ -0,0 +1,96 @@
+$OpenBSD$
+
+Index: src/fe-common/core/fe-common-core.c
+--- src/fe-common/core/fe-common-core.c.orig
++++ src/fe-common/core/fe-common-core.c
+@@ -49,6 +49,9 @@
+ #include "windows-layout.h"
+ #include "fe-recode.h"
+ 
++#ifdef HAVE_PLEDGE
++#include <pwd.h>
++#endif
+ #include <signal.h>
+ 
+ static char *autocon_server;
+@@ -58,6 +61,10 @@ static int no_autoconnect;
+ static char *cmdline_nick;
+ static char *cmdline_hostname;
+ 
++#ifdef HAVE_PLEDGE
++static int no_unveil;
++#endif
++
+ void fe_core_log_init(void);
+ void fe_core_log_deinit(void);
+ 
+@@ -99,6 +106,53 @@ void window_commands_deinit(void);
+ 
+ static void sig_setup_changed(void);
+ 
++#ifdef HAVE_PLEDGE
++void pledge_init()
++{
++    if( ! no_unveil) {
++        struct passwd *pw;
++        int user_id = getuid();
++        char path[200];
++
++        pw = getpwuid(user_id);
++        if (pw == NULL)
++        { printf("can't get pw of current user\n"); exit(1); }
++        
++        if( unveil("/etc/ssl","r") == -1 )
++        { printf("error unveil /etc/ssl/\n"); exit(1); }
++
++        if( unveil("/etc/resolv.conf","r") == -1 )
++        { printf("error unveil /etc/resolv.conf\n"); exit(1); }
++
++        if( unveil("/dev/null","rw") == -1 )
++        { printf("error unveil dev/null\n"); exit(1); }
++
++        if( unveil("/usr/local/libdata/perl5/","r") == -1 )
++        { printf("error unveil /usr/local/libdata/perl5/\n"); exit(1); }
++
++        if( unveil("/usr/libdata/perl5/","r") == -1 )
++        { printf("error unveil /usr/libdata/perl5/\n"); exit(1); }
++
++        snprintf(path,sizeof(path), "%s/irclogs",pw->pw_dir);
++        if( unveil(path,"rwc") == -1 )
++        { printf("error unveil %s\n",path); exit(1); }
++
++        snprintf(path,sizeof(path), "%s/.irssi/",pw->pw_dir);
++        if( unveil(path,"rwc") == -1 )
++        { printf("error unveil %s\n",path); exit(1); }
++
++        snprintf(path,sizeof(path), "%s/.irssi/scripts",pw->pw_dir);
++        if( unveil(path,"rx") == -1 )
++        { printf("error unveil %s\n",path); exit(1); }
++
++        if (pledge("dns inet tty flock stdio cpath wpath rpath prot_exec proc 
unveil getpw",NULL) == -1)
++        { printf("error pledge\n"); exit(1); }
++
++    }
++
++}
++#endif
++
+ static void sig_connected(SERVER_REC *server)
+ {
+       MODULE_DATA_SET(server, g_new0(MODULE_SERVER_REC, 1));
+@@ -133,6 +187,7 @@ void fe_common_core_register_options(void)
+               { "noconnect", '!', 0, G_OPTION_ARG_NONE, &no_autoconnect, 
"Disable autoconnecting", NULL },
+               { "nick", 'n', 0, G_OPTION_ARG_STRING, &cmdline_nick, "Specify 
nick to use", NULL },
+               { "hostname", 'h', 0, G_OPTION_ARG_STRING, &cmdline_hostname, 
"Specify host name to use", NULL },
++        { "disable-unveil", 'u', 0, G_OPTION_ARG_NONE, &no_unveil, "Disable 
unveil and pledge security features", NULL },
+               { NULL }
+       };
+ 
+@@ -140,6 +195,7 @@ void fe_common_core_register_options(void)
+       autocon_password = NULL;
+       autocon_port = 0;
+       no_autoconnect = FALSE;
++    no_unveil = FALSE;
+       cmdline_nick = NULL;
+       cmdline_hostname = NULL;
+       args_register(options);
Index: patches/patch-src_fe-text_irssi_c
===================================================================
RCS file: patches/patch-src_fe-text_irssi_c
diff -N patches/patch-src_fe-text_irssi_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_fe-text_irssi_c   7 Jun 2019 13:22:26 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Index: src/fe-text/irssi.c
+--- src/fe-text/irssi.c.orig
++++ src/fe-text/irssi.c
+@@ -334,6 +334,11 @@ int main(int argc, char **argv)
+ 
+       g_log_set_always_fatal(loglev);
+       textui_finish_init();
++
++#ifdef HAVE_PLEDGE
++    pledge_init();
++#endif
++
+       main_loop = g_main_new(TRUE);
+ 
+       /* Does the same as g_main_run(main_loop), except we

Reply via email to