On Fri, Jun 07, 2019 at 07:25:45PM +0100, Stuart Henderson wrote: > On 2019/06/07 19:05, Solene Rapenne wrote: > > Hi, > > > > This is a first draft to add pledge and unveil to net/irssi. > > > > About the Makefile, I added PORTHOME=${WRKDIST} so "make test" run with > > 100% of success. > > > > The current implementation of pledge/unveil is under a #ifdef > > HAVE_PLEDGE so I defined it there. > > Nothing is calling pledge_init (I noticed because there's no "p" flag > showing in ps, and to be honest also because it didn't crash like I was > expecting it to with my configuration ;-)
one patch was missing :( full patch below, I reapplied it on a fresh net/irssi folder and I can see the "p" state in ps The security features can be disabled (a bit of work is required to disable the pledge in net-nonblock.c (you should already have it enabled when you were connected)) so people requiring plugins not working can still use irssi in the current state. /bin/ , /usr/bin/ and /usr/local/bin could be added to unveil I think. My main goal was to prevent irssi to write scripts and exec them, with the current unveil from this patch, irssi can't write under ~/.irssi/scripts but can exec them. Index: Makefile =================================================================== RCS file: /data/cvs/ports/net/irssi/Makefile,v retrieving revision 1.79 diff -u -p -r1.79 Makefile --- Makefile 18 Feb 2019 18:35:57 -0000 1.79 +++ Makefile 7 Jun 2019 16:53:15 -0000 @@ -5,6 +5,7 @@ COMMENT = modular IRC client with many f V = 1.2.0 DISTNAME = irssi-$V PKGSPEC = irssi-=$V +REVISION = 0 CATEGORIES = net @@ -15,6 +16,7 @@ MAINTAINER = Klemens Nanni <kn@openbsd.o # GPLv2+ PERMIT_PACKAGE_CDROM = Yes +# use pledge() WANTLIB += c crypto curses gcrypt glib-2.0 gmodule-2.0 gpg-error \ iconv intl m otr pcre perl pthread ssl @@ -44,6 +46,12 @@ CONFIGURE_ARGS += --with-socks LIB_DEPENDS += security/dante WANTLIB += socks .endif + +# required for 100% tests to pass +PORTHOME= ${WRKDIST} + +# required to enable pledge/unveil +CFLAGS+= -DHAVE_PLEDGE=y MAKE_FLAGS = scriptdir="${SYSCONFDIR}/irssi/scripts" \ themedir="${SYSCONFDIR}/irssi/themes" Index: patches/patch-src_core_net-nonblock_c =================================================================== RCS file: patches/patch-src_core_net-nonblock_c diff -N patches/patch-src_core_net-nonblock_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_core_net-nonblock_c 7 Jun 2019 16:38:59 -0000 
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Index: src/core/net-nonblock.c
+--- src/core/net-nonblock.c.orig
++++ src/core/net-nonblock.c
+@@ -60,6 +60,11 @@ int net_gethostbyname_nonblock(const char *addr, GIOCh
+ "Using blocking resolving");
+ }
+
++#ifdef HAVE_PLEDGE
++ if (pledge("dns inet stdio",NULL) == -1)
++ { printf("Error pledge non-block\n"); exit(1); }
++#endif
++
+ /* child */
+ srand(time(NULL));
+
Index: patches/patch-src_fe-common_core_fe-common-core_c
===================================================================
RCS file: patches/patch-src_fe-common_core_fe-common-core_c
diff -N patches/patch-src_fe-common_core_fe-common-core_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_fe-common_core_fe-common-core_c 7 Jun 2019 16:34:14 -0000
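Review bot: The added `pledge("dns inet stdio",NULL)` in net_gethostbyname_nonblock() sits directly after the block that warns "Using blocking resolving", so it appears to run on that fallback path as well as in the forked child. The fork() call and the branch around it are outside this hunk, so this is inferred, but if the warning path falls through into the resolver code in the parent, the main irssi process would be reduced to `dns inet stdio` and killed at its next file or tty access. Make the call conditional on actually being the child, e.g. `if (pid == 0 && pledge("dns inet stdio", NULL) == -1)`, assuming the fork() result is held in a variable such as `pid`. Reporting the failure with `err(1, "pledge")` instead of `printf` would put it on stderr together with errno.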
@@ -0,0 +1,96 @@
+$OpenBSD$
+
+Index: src/fe-common/core/fe-common-core.c
+--- src/fe-common/core/fe-common-core.c.orig
++++ src/fe-common/core/fe-common-core.c
+@@ -49,6 +49,9 @@
+ #include "windows-layout.h"
+ #include "fe-recode.h"
+
++#ifdef HAVE_PLEDGE
++#include <pwd.h>
++#endif
+ #include <signal.h>
+
+ static char *autocon_server;
+@@ -58,6 +61,10 @@ static int no_autoconnect;
+ static char *cmdline_nick;
+ static char *cmdline_hostname;
+
++#ifdef HAVE_PLEDGE
++static int no_unveil;
++#endif
++
+ void fe_core_log_init(void);
+ void fe_core_log_deinit(void);
+
+@@ -99,6 +106,53 @@ void window_commands_deinit(void);
+
+ static void sig_setup_changed(void);
+
++#ifdef HAVE_PLEDGE
++void pledge_init()
++{
++ if( ! no_unveil) {
++ struct passwd *pw;
++ int user_id = getuid();
++ char path[200];
++
++ pw = getpwuid(user_id);
++ if (pw == NULL)
++ { printf("can't get pw of current user\n"); exit(1); }
++
++ if( unveil("/etc/ssl","r") == -1 )
++ { printf("error unveil /etc/ssl/\n"); exit(1); }
++
++ if( unveil("/etc/resolv.conf","r") == -1 )
++ { printf("error unveil /etc/resolv.conf\n"); exit(1); }
++
++ if( unveil("/dev/null","rw") == -1 )
++ { printf("error unveil dev/null\n"); exit(1); }
++
++ if( unveil("/usr/local/libdata/perl5/","r") == -1 )
++ { printf("error unveil /usr/local/libdata/perl5/\n"); exit(1); }
++
++ if( unveil("/usr/libdata/perl5/","r") == -1 )
++ { printf("error unveil /usr/libdata/perl5/\n"); exit(1); }
++
++ snprintf(path,sizeof(path), "%s/irclogs",pw->pw_dir);
++ if( unveil(path,"rwc") == -1 )
++ { printf("error unveil %s\n",path); exit(1); }
++
++ snprintf(path,sizeof(path), "%s/.irssi/",pw->pw_dir);
++ if( unveil(path,"rwc") == -1 )
++ { printf("error unveil %s\n",path); exit(1); }
++
++ snprintf(path,sizeof(path), "%s/.irssi/scripts",pw->pw_dir);
++ if( unveil(path,"rx") == -1 )
++ { printf("error unveil %s\n",path); exit(1); }
++
++ if (pledge("dns inet tty flock stdio cpath wpath rpath prot_exec proc unveil getpw",NULL) == -1)
++ { printf("error pledge\n"); exit(1); }
++
++ }
++
++}
++#endif
++
+ static void sig_connected(SERVER_REC *server)
+ {
+ MODULE_DATA_SET(server, g_new0(MODULE_SERVER_REC, 1));
+@@ -133,6 +187,7 @@ void fe_common_core_register_options(void)
+ { "noconnect", '!', 0, G_OPTION_ARG_NONE, &no_autoconnect, "Disable autoconnecting", NULL },
+ { "nick", 'n', 0, G_OPTION_ARG_STRING, &cmdline_nick, "Specify nick to use", NULL },
+ { "hostname", 'h', 0, G_OPTION_ARG_STRING, &cmdline_hostname, "Specify host name to use", NULL },
++ { "disable-unveil", 'u', 0, G_OPTION_ARG_NONE, &no_unveil, "Disable unveil and pledge security features", NULL },
+ { NULL }
+ };
+
+@@ -140,6 +195,7 @@ void fe_common_core_register_options(void)
+ autocon_password = NULL;
+ autocon_port = 0;
+ no_autoconnect = FALSE;
++ no_unveil = FALSE;
+ cmdline_nick = NULL;
+ cmdline_hostname = NULL;
+ args_register(options);
Index: patches/patch-src_fe-text_irssi_c
===================================================================
RCS file: patches/patch-src_fe-text_irssi_c
diff -N patches/patch-src_fe-text_irssi_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_fe-text_irssi_c 7 Jun 2019 13:22:26 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Index: src/fe-text/irssi.c
+--- src/fe-text/irssi.c.orig
++++ src/fe-text/irssi.c
+@@ -334,6 +334,11 @@ int main(int argc, char **argv)
+
+ g_log_set_always_fatal(loglev);
+ textui_finish_init();
++
++#ifdef HAVE_PLEDGE
++ pledge_init();
++#endif
++
+ main_loop = g_main_new(TRUE);
+
+ /* Does the same as g_main_run(main_loop), except we
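Review bot: In `pledge_init()` (patch-src_fe-common_core_fe-common-core_c) the final `pledge()` keeps the `unveil` promise and no `unveil(NULL, NULL)` follows the last path, so the unveil list is never locked and any code that runs later in the process, including loaded scripts and modules, can still add paths to it. Lock it before pledging with `if (unveil(NULL, NULL) == -1) err(1, "unveil");`, or drop `unveil` from the promise string; `getpw` looks droppable as well because `getpwuid()` has already run, though that should be confirmed against any later password-database lookups. The three `snprintf()` calls into `char path[200]` ignore the return value, so an overlong home directory would be truncated and a different path unveiled; capture the result and check it with `if (n < 0 || (size_t)n >= sizeof(path)) errx(1, "home path too long");`. Failures would be better reported on stderr with `err(1, "unveil %s", path)` than with `printf`, and the definition should read `void pledge_init(void)`.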
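Review bot: `pledge_init();` is called from `main()` in src/fe-text/irssi.c with no prototype in scope as far as this patch shows: the function is defined in fe-common-core.c and no header is patched, so irssi.c would rely on an implicit declaration. Add `void pledge_init(void);` under `#ifdef HAVE_PLEDGE` to a header that both files include. A short comment at the call site would also help, for example `/* confine the process once startup has finished; everything above runs unrestricted */`, because the position after `textui_finish_init()` decides which initialisation work is and is not covered by the restrictions. main()'s body starts and continues outside the hunk.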