Re: devel/fossil: uses pledge() [upstream support / and broken]
On Sun, Mar 25, 2018 at 02:19:59PM -0400, James Turner wrote: > As it seems this is only trigger when the default permissions on the > .fossil file is changed I think we are fine for the 6.3 release. Also > considering the tree was just locked :). I agree. pledge() is enforced only on "fossil status" command, and the violation occurs due to umask change between first fossil(1) run (which created ~/.fossil) and next ones. It seems sqlite3 library (fossil is based on it) will enforce some permission on temporary journal file .fossil-journal to be same as .fossil. > I would suggested submitting a bug upstream letting them know they need > the additional pledge when they try to chmod the file back if it gets > changed. I sent a mail yesterday on the fossil-users@ list, but it didn't poped. I subscribed to the list and resent it this morning. > I'll add the # pledge comment on the next update I commit, thanks for > the heads up on that. Thanks. -- Sebastien Marie
Re: devel/fossil: uses pledge() [upstream support / and broken]
As it seems this is only trigger when the default permissions on the .fossil file is changed I think we are fine for the 6.3 release. Also considering the tree was just locked :). I would suggested submitting a bug upstream letting them know they need the additional pledge when they try to chmod the file back if it gets changed. I'll add the # pledge comment on the next update I commit, thanks for the heads up on that. On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote: > Hi, > > I just found (hard way) that devel/fossil has upstream support for > pledge(2). > > It would be preferable to mark it on Makefile. > > $ grep -R pledge . > ./fossil-2.5/auto.def:cc-check-functions pledge > ./fossil-2.5/src/checkin.c: fossil_pledge("stdio rpath wpath cpath id flock > tty chown"); > ./fossil-2.5/src/config.h:** The pledge() interface is currently only > available on OpenBSD 5.9 > ./fossil-2.5/src/config.h:** and later. Make calls to fossil_pledge() no-ops > on all platforms > ./fossil-2.5/src/config.h:# define fossil_pledge(A) > ./fossil-2.5/src/util.c:** Interface to pledge() on OpenBSD 5.9 and later. > ./fossil-2.5/src/util.c:** On platforms that have pledge(), use this routine. > ./fossil-2.5/src/util.c:void fossil_pledge(const char *promises){ > ./fossil-2.5/src/util.c: if( pledge(promises, 0) ){ > ./fossil-2.5/src/util.c:fossil_fatal("pledge(\"%s\",NULL) fails with > errno=%d", > ./fossil-2.5/www/changes.wiki: * Initial infrastructure is in place to make > use of the pledge() > ./fossil-2.5/auto.def.orig:cc-check-functions pledge > > > And I am tracing the problem, before reporting the bug upstream... > > I dunno how to deal with it currently: the version we have in ports is > broken... should we just disable the check for release (and ship an > unpledged but working executable) ? > > The provided diff just adds the pledge() marker. > > > Regarding the pledge() problem: > > The 'status' command trigger it. > > $ fossil status > ... > Abort trap (core dumped) > > $ dmesg | tail -1 > fossil[75892]: pledge "fattr", syscall 124 > > $ kdump > 8372 fossil CALL > open(0x10e760b8169f,0x10202,0644) > 8372 fossil NAMI "/home/semarie/.fossil-journal" > 8372 fossil RET open 6 > 8372 fossil CALL fstat(6,0x7f7ea210) > 8372 fossil STRU struct stat { dev=1047, ino=289569, mode=-rw-r- , > nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, > atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 > 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 > 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 } > 8372 fossil RET fstat 0 > 8372 fossil CALL fchmod(6,0644) > 8372 fossil PLDG fchmod, "fattr", errno 1 Operation not permitted > 8372 fossil PSIG SIGABRT SIG_DFL > 8372 fossil NAMI "fossil.core" > > > -- > Sebastien Marie > > Index: Makefile > === > RCS file: /cvs/ports/devel/fossil/Makefile,v > retrieving revision 1.62 > diff -u -p -r1.62 Makefile > --- Makefile9 Feb 2018 19:42:45 - 1.62 > +++ Makefile25 Mar 2018 07:12:29 - > @@ -18,6 +18,7 @@ PERMIT_PACKAGE_CDROM =Yes > FLAVORS= static > FLAVOR?= > > +# uses pledge() > WANTLIB = c crypto fuse m ssl z > > MODULES = lang/tcl -- James Turner
Re: devel/fossil: uses pledge() [upstream support / and broken]
On Sun, Mar 25, 2018 at 02:32:05PM -0400, James Turner wrote: > On Mon, Mar 26, 2018 at 06:30:16AM +1300, Carlin Bingham wrote: > > On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote: > > > Hi, > > > > > > [ ... ] > > > > > > Regarding the pledge() problem: > > > > > > The 'status' command trigger it. > > > > > > $ fossil status > > > ... > > > Abort trap (core dumped) > > > > > > $ dmesg | tail -1 > > > fossil[75892]: pledge "fattr", syscall 124 > > > > > > $ kdump > > > 8372 fossil CALL > > > open(0x10e760b8169f,0x10202,0644) > > > 8372 fossil NAMI "/home/semarie/.fossil-journal" > > > 8372 fossil RET open 6 > > > 8372 fossil CALL fstat(6,0x7f7ea210) > > > 8372 fossil STRU struct stat { dev=1047, ino=289569, mode=-rw-r- > > > , nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, > > > atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar > > > 25 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 > > > 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 } > > > > I can replicate this by setting umask 027. The permissions of that file > > are usually mode=-rw-r--r-- and it seems if it's altered by umask it > > tries to call fchmod to set them back and then dies. > > > > > > -- > > Carlin > > Up and it looks like this has already been fixed upstream. > http://fossil-scm.org/index.html/info/396513fa4a6f8da8 > Sorry, I linked to a chown commit not one related to chmod. This is probably still a bug. -- James Turner
Re: devel/fossil: uses pledge() [upstream support / and broken]
On Mon, Mar 26, 2018 at 06:30:16AM +1300, Carlin Bingham wrote: > On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote: > > Hi, > > > > [ ... ] > > > > Regarding the pledge() problem: > > > > The 'status' command trigger it. > > > > $ fossil status > > ... > > Abort trap (core dumped) > > > > $ dmesg | tail -1 > > fossil[75892]: pledge "fattr", syscall 124 > > > > $ kdump > > 8372 fossil CALL > > open(0x10e760b8169f,0x10202,0644) > > 8372 fossil NAMI "/home/semarie/.fossil-journal" > > 8372 fossil RET open 6 > > 8372 fossil CALL fstat(6,0x7f7ea210) > > 8372 fossil STRU struct stat { dev=1047, ino=289569, mode=-rw-r- , > > nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, > > atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar > > 25 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 > > 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 } > > I can replicate this by setting umask 027. The permissions of that file > are usually mode=-rw-r--r-- and it seems if it's altered by umask it > tries to call fchmod to set them back and then dies. > > > -- > Carlin Up and it looks like this has already been fixed upstream. http://fossil-scm.org/index.html/info/396513fa4a6f8da8 -- James Turner
Re: devel/fossil: uses pledge() [upstream support / and broken]
On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote: > Hi, > > [ ... ] > > Regarding the pledge() problem: > > The 'status' command trigger it. > > $ fossil status > ... > Abort trap (core dumped) > > $ dmesg | tail -1 > fossil[75892]: pledge "fattr", syscall 124 > > $ kdump > 8372 fossil CALL > open(0x10e760b8169f,0x10202,0644) > 8372 fossil NAMI "/home/semarie/.fossil-journal" > 8372 fossil RET open 6 > 8372 fossil CALL fstat(6,0x7f7ea210) > 8372 fossil STRU struct stat { dev=1047, ino=289569, mode=-rw-r- , > nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, > atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 > 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 > 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 } I can replicate this by setting umask 027. The permissions of that file are usually mode=-rw-r--r-- and it seems if it's altered by umask it tries to call fchmod to set them back and then dies. -- Carlin
devel/fossil: uses pledge() [upstream support / and broken]
Hi, I just found (hard way) that devel/fossil has upstream support for pledge(2). It would be preferable to mark it on Makefile. $ grep -R pledge . ./fossil-2.5/auto.def:cc-check-functions pledge ./fossil-2.5/src/checkin.c: fossil_pledge("stdio rpath wpath cpath id flock tty chown"); ./fossil-2.5/src/config.h:** The pledge() interface is currently only available on OpenBSD 5.9 ./fossil-2.5/src/config.h:** and later. Make calls to fossil_pledge() no-ops on all platforms ./fossil-2.5/src/config.h:# define fossil_pledge(A) ./fossil-2.5/src/util.c:** Interface to pledge() on OpenBSD 5.9 and later. ./fossil-2.5/src/util.c:** On platforms that have pledge(), use this routine. ./fossil-2.5/src/util.c:void fossil_pledge(const char *promises){ ./fossil-2.5/src/util.c: if( pledge(promises, 0) ){ ./fossil-2.5/src/util.c:fossil_fatal("pledge(\"%s\",NULL) fails with errno=%d", ./fossil-2.5/www/changes.wiki: * Initial infrastructure is in place to make use of the pledge() ./fossil-2.5/auto.def.orig:cc-check-functions pledge And I am tracing the problem, before reporting the bug upstream... I dunno how to deal with it currently: the version we have in ports is broken... should we just disable the check for release (and ship an unpledged but working executable) ? The provided diff just adds the pledge() marker. Regarding the pledge() problem: The 'status' command trigger it. $ fossil status ... Abort trap (core dumped) $ dmesg | tail -1 fossil[75892]: pledge "fattr", syscall 124 $ kdump 8372 fossil CALL open(0x10e760b8169f,0x10202,0644) 8372 fossil NAMI "/home/semarie/.fossil-journal" 8372 fossil RET open 6 8372 fossil CALL fstat(6,0x7f7ea210) 8372 fossil STRU struct stat { dev=1047, ino=289569, mode=-rw-r- , nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 } 8372 fossil RET fstat 0 8372 fossil CALL fchmod(6,0644) 8372 fossil PLDG fchmod, "fattr", errno 1 Operation not permitted 8372 fossil PSIG SIGABRT SIG_DFL 8372 fossil NAMI "fossil.core" -- Sebastien Marie Index: Makefile === RCS file: /cvs/ports/devel/fossil/Makefile,v retrieving revision 1.62 diff -u -p -r1.62 Makefile --- Makefile9 Feb 2018 19:42:45 - 1.62 +++ Makefile25 Mar 2018 07:12:29 - @@ -18,6 +18,7 @@ PERMIT_PACKAGE_CDROM =Yes FLAVORS= static FLAVOR?= +# uses pledge() WANTLIB = c crypto fuse m ssl z MODULES = lang/tcl