Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, 12 Sep 2018 17:52:35 +0100 "Roberto E. Vargas Caballero" wrote: Dear Roberto, > Your oppinion is irrelevant, I don't accept sugestions form fanboys. > This is not about security, it is about writing suckless code that > can be understood easily, that can be maintained easily and it is > portable. that's your choice as the maintainer and I am not a fanboy. OpenBSD is objectively more secure and it's mainly due to their approach. Credit where credit is due. OpenBSD has weaknesses in other fields where Linux shines, but to be honest OpenBSD always has a special place in my heart and their work is truly inspiring. > Security is about designing good system and doing a proper separation > of responsabilities. Mitigations are only a distraction. You should > read [1]. > > [1] https://cr.yp.to/qmail/qmailsec-20071101.pdf Separation of concerns and mitigations are both approaches that should not be made exclusively, but in concert in my opinion. I will make sure to read the paper you pointed me to. > If you don't understand any of my reasons, then you should stop > posting here and begin to post to OpenBSD, I am pretty sure that Theo > will be more friendly than we are (irony mode off). Your reasons are simple to understand. The main argument is to ask: "When we add OpenBSD-specific code, why not Linux-specific code as well?". I gave you my 2 cents on this topic. If you disregard them, that's okay, as I said in the original mail that you as the maintainer make that decision. There is no canonical choice here, as I also already said. In an ideal world we would have portable interfaces for this, but there aren't. Surely ii runs without unveil() just fine, however, you have bigger problems when you need a good source of entropy that is secure to "tap". Anyway, I didn't want to explode this thread. Dimitris and Hiltjo also expressed their positions on this and gave very good reasons, so in the end the decision to externalize the patches into the wiki is supported by the majority, including myself. :) With best regards Laslo -- Laslo Hunhold
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, Sep 12, 2018 at 10:19:32AM +0200, Laslo Hunhold wrote: > Adding ifdefs of course is a tough decision in any case, though I > always think that suckless tools should be really more tuned towards > OpenBSD as it really is probably the most suckless operating system > around. You are wrong, there is nothing about OpenBSD in suckless. You can write suckless code in Windows, and any unix alike operating system today sucks a lot. > > If we turn this into patches it just means more work in maintenance > and, as quoted above, optional security is often forgotten. Also, this > change is relatively simple and we don't have an ifdef-tree or anything. Your oppinion is irrelevant, I don't accept sugestions form fanboys. This is not about security, it is about writing suckless code that can be understood easily, that can be maintained easily and it is portable. Security is about designing good system and doing a proper separation of responsabilities. Mitigations are only a distraction. You should read [1]. If you don't understand any of my reasons, then you should stop posting here and begin to post to OpenBSD, I am pretty sure that Theo will be more friendly than we are (irony mode off). Regards, [1] https://cr.yp.to/qmail/qmailsec-20071101.pdf
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, Sep 12, 2018 at 10:19:32AM +0200, Laslo Hunhold wrote: > On Wed, 12 Sep 2018 09:36:29 +0200 > Hiltjo Posthuma wrote: > > Dear Hiltjo, > > > I think you have a good point. Maybe we should revert the pledge(2) > > changes and put them on the wiki. The patches could be maintained > > separately and added to the OS ports. > > > > What is the community opinion about this? > > I would quote Theo de Raadt on this[0]. Optional security is > irrelevant. > > Adding ifdefs of course is a tough decision in any case, though I > always think that suckless tools should be really more tuned towards > OpenBSD as it really is probably the most suckless operating system > around. Whatever we do we should avoid the ifdefs.
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, 12 Sep 2018 09:36:29 +0200 Hiltjo Posthuma wrote: Dear Hiltjo, > I think you have a good point. Maybe we should revert the pledge(2) > changes and put them on the wiki. The patches could be maintained > separately and added to the OS ports. > > What is the community opinion about this? I would quote Theo de Raadt on this[0]. Optional security is irrelevant. Adding ifdefs of course is a tough decision in any case, though I always think that suckless tools should be really more tuned towards OpenBSD as it really is probably the most suckless operating system around. If we turn this into patches it just means more work in maintenance and, as quoted above, optional security is often forgotten. Also, this change is relatively simple and we don't have an ifdef-tree or anything. I would strongly favor keeping this in upstream, but also understand the opposing arguments. It's a tough call, but the maintainer as always has the last word. With best regards Laslo [0]:https://www.openbsd.org/papers/hackfest2015-pledge/mgp5.html -- Laslo Hunhold
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
> > […] All these > > patches must go to the patches section and not in the main > > repo. > > I think you have a good point. Maybe we should revert the pledge(2) changes > and > put them on the wiki. The patches could be maintained separately and added to > the OS ports. > > What is the community opinion about this? As we briefly discussed on IRC yesterday, I agree.
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, Sep 12, 2018 at 08:20:38AM +0100, Roberto E. Vargas Caballero wrote: > On Tue, Sep 11, 2018 at 08:14:25PM -0300, Gleydson Soares wrote: > > the following patch brings support for OpenBSD's unveil(2) mechanism for > > ii. > > Guys, we should stop sending this kind of patches. If we begin to > fill all the suckless projects with #ifdef __OpenBSD__, why do we not > fill them with #ifdef __linux__? > > If this patch is accepted then I will send a patch to add suppport > for selinux and other one to add support for capsicum. All these > patches must go to the patches section and not in the main > repo. > > Regards, > I think you have a good point. Maybe we should revert the pledge(2) changes and put them on the wiki. The patches could be maintained separately and added to the OS ports. What is the community opinion about this? dmenu, dwm and st exact behaviour makes it harder to map because of the underlying libraries. For example lazy-loading of fallback fonts further in the code (rpath). Furthermore unveil(2) is currently only in -current and it is being "tuned" at the moment afaik. Thanks for the patches though! -- Kind regards, Hiltjo
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Tue, Sep 11, 2018 at 08:14:25PM -0300, Gleydson Soares wrote: > the following patch brings support for OpenBSD's unveil(2) mechanism for > ii. Guys, we should stop sending this kind of patches. If we begin to fill all the suckless projects with #ifdef __OpenBSD__, why do we not fill them with #ifdef __linux__? If this patch is accepted then I will send a patch to add suppport for selinux and other one to add support for capsicum. All these patches must go to the patches section and not in the main repo. Regards,