Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
I'm not saying OpenBSD is without defects. Only a stupid person would say that. It has a lot of legacy cruft as well. We are not in an ideal world, but I don't need to repeat that point. Hi, I'm a fellow OpenBSD user. There's a bug in OpenBSD's make(1) and nobody is willing to fix it. https://www.reddit.com/r/openbsd/comments/9e3mgj/makefile_problem/ https://marc.info/?l=openbsd-bugs&m=153609777605358&w=2 Here's your chance to make OpenBSD even better!
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Thu, 13 Sep 2018 09:39:44 +0100 "Roberto E. Vargas Caballero" wrote: Dear Roberto, > You shpuld read those [1] and [2]. OpenBSD *IS NOT* objectively > more secure. It only had less security defects because it has less > people inspecting the code. For so many years OpenBSD was running > with very important vulnerabilities that weren't noticied by anyone. this is probably the other extreme view to see it. If we only take a look at e.g. LibreSSL vs. OpenSSL and how the project fared in the last few years, it's obvious their defensive approach to programming paid off massively. Also keep in mind that they have diminishingly less manpower than the Linux ecosystem. If you take that in regard, the perspective shifts. In absolute terms the vulnerabilities you pointed to are/were a big issue, and there will be more of these things in the future. I'm not saying OpenBSD is without defects. Only a stupid person would say that. It has a lot of legacy cruft as well. We are not in an ideal world, but I don't need to repeat that point. > No. This is how when we complaint about the linux users putting > #/bin/bash or using GNU extensions in Makefiles. Core OpenBSD > developers are totally differtent, but OpenBSD is creating a full > culture of people around that only has a centralized view of the > world. They don't contrast the point and they don't generate a > critical actitude, everything that comes from OpenBSD is right, > and OpenBSD is the more secure system, which is obviously false > (there are other systems that are more secure and more reliable, > but maybe less usable, than OpenBSD). Yes, OpenBSD fanboyism is real and it exists. You are false though to get the impression that I am such a fanboy, as elaborated above. :P With best regards Laslo -- Laslo Hunhold
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
Hi, On Wed, Sep 12, 2018 at 08:08:39PM +0200, Laslo Hunhold wrote: > that's your choice as the maintainer and I am not a fanboy. OpenBSD is > objectively more secure and it's mainly due to their approach. Credit > where credit is due. You shpuld read those [1] and [2]. OpenBSD *IS NOT* objectively more secure. It only had less security defects because it has less people inspecting the code. For so many years OpenBSD was running with very important vulnerabilities that weren't noticied by anyone. > > If you don't understand any of my reasons, then you should stop > > posting here and begin to post to OpenBSD, I am pretty sure that Theo > > will be more friendly than we are (irony mode off). > > Your reasons are simple to understand. The main argument is to > ask: "When we add OpenBSD-specific code, why not Linux-specific code as > well?". No, my point is about having suckless code, and having that ifdef there makes the code suckmore. Offline I suggested other solutions, as Dimitris and Hiltjo can confirm, like for example having the patches in the repo and a rule in the Makefile to patch the sources, or like creating local versions of the interfaces (ex: mypledge) and having the ifdef there, or having a file per system with the specific code of the system. All this options were discarded because at the end we are missing the point of suckless: Good code and simplicity as first objective. > In an ideal world we would have portable interfaces for this, but there > aren't. Surely ii runs without unveil() just fine, however, you have > bigger problems when you need a good source of entropy that is secure > to "tap". No. This is how when we complaint about the linux users putting #/bin/bash or using GNU extensions in Makefiles. Core OpenBSD developers are totally differtent, but OpenBSD is creating a full culture of people around that only has a centralized view of the world. They don't contrast the point and they don't generate a critical actitude, everything that comes from OpenBSD is right, and OpenBSD is the more secure system, which is obviously false (there are other systems that are more secure and more reliable, but maybe less usable, than OpenBSD). This is why I called you a fanboy, because you don't have that critical spirit and you don't try to think by yourself, you only repeat dogmas that someone else created. Roberto. [1] https://www.openbsd.org/papers/fuzz-slides.pdf [2] https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, 12 Sep 2018 17:52:35 +0100 "Roberto E. Vargas Caballero" wrote: Dear Roberto, > Your oppinion is irrelevant, I don't accept sugestions form fanboys. > This is not about security, it is about writing suckless code that > can be understood easily, that can be maintained easily and it is > portable. that's your choice as the maintainer and I am not a fanboy. OpenBSD is objectively more secure and it's mainly due to their approach. Credit where credit is due. OpenBSD has weaknesses in other fields where Linux shines, but to be honest OpenBSD always has a special place in my heart and their work is truly inspiring. > Security is about designing good system and doing a proper separation > of responsabilities. Mitigations are only a distraction. You should > read [1]. > > [1] https://cr.yp.to/qmail/qmailsec-20071101.pdf Separation of concerns and mitigations are both approaches that should not be made exclusively, but in concert in my opinion. I will make sure to read the paper you pointed me to. > If you don't understand any of my reasons, then you should stop > posting here and begin to post to OpenBSD, I am pretty sure that Theo > will be more friendly than we are (irony mode off). Your reasons are simple to understand. The main argument is to ask: "When we add OpenBSD-specific code, why not Linux-specific code as well?". I gave you my 2 cents on this topic. If you disregard them, that's okay, as I said in the original mail that you as the maintainer make that decision. There is no canonical choice here, as I also already said. In an ideal world we would have portable interfaces for this, but there aren't. Surely ii runs without unveil() just fine, however, you have bigger problems when you need a good source of entropy that is secure to "tap". Anyway, I didn't want to explode this thread. Dimitris and Hiltjo also expressed their positions on this and gave very good reasons, so in the end the decision to externalize the patches into the wiki is supported by the majority, including myself. :) With best regards Laslo -- Laslo Hunhold
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, Sep 12, 2018 at 10:19:32AM +0200, Laslo Hunhold wrote: > Adding ifdefs of course is a tough decision in any case, though I > always think that suckless tools should be really more tuned towards > OpenBSD as it really is probably the most suckless operating system > around. You are wrong, there is nothing about OpenBSD in suckless. You can write suckless code in Windows, and any unix alike operating system today sucks a lot. > > If we turn this into patches it just means more work in maintenance > and, as quoted above, optional security is often forgotten. Also, this > change is relatively simple and we don't have an ifdef-tree or anything. Your oppinion is irrelevant, I don't accept sugestions form fanboys. This is not about security, it is about writing suckless code that can be understood easily, that can be maintained easily and it is portable. Security is about designing good system and doing a proper separation of responsabilities. Mitigations are only a distraction. You should read [1]. If you don't understand any of my reasons, then you should stop posting here and begin to post to OpenBSD, I am pretty sure that Theo will be more friendly than we are (irony mode off). Regards, [1] https://cr.yp.to/qmail/qmailsec-20071101.pdf
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, Sep 12, 2018 at 10:19:32AM +0200, Laslo Hunhold wrote: > On Wed, 12 Sep 2018 09:36:29 +0200 > Hiltjo Posthuma wrote: > > Dear Hiltjo, > > > I think you have a good point. Maybe we should revert the pledge(2) > > changes and put them on the wiki. The patches could be maintained > > separately and added to the OS ports. > > > > What is the community opinion about this? > > I would quote Theo de Raadt on this[0]. Optional security is > irrelevant. > > Adding ifdefs of course is a tough decision in any case, though I > always think that suckless tools should be really more tuned towards > OpenBSD as it really is probably the most suckless operating system > around. Whatever we do we should avoid the ifdefs.
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, 12 Sep 2018 09:36:29 +0200 Hiltjo Posthuma wrote: Dear Hiltjo, > I think you have a good point. Maybe we should revert the pledge(2) > changes and put them on the wiki. The patches could be maintained > separately and added to the OS ports. > > What is the community opinion about this? I would quote Theo de Raadt on this[0]. Optional security is irrelevant. Adding ifdefs of course is a tough decision in any case, though I always think that suckless tools should be really more tuned towards OpenBSD as it really is probably the most suckless operating system around. If we turn this into patches it just means more work in maintenance and, as quoted above, optional security is often forgotten. Also, this change is relatively simple and we don't have an ifdef-tree or anything. I would strongly favor keeping this in upstream, but also understand the opposing arguments. It's a tough call, but the maintainer as always has the last word. With best regards Laslo [0]:https://www.openbsd.org/papers/hackfest2015-pledge/mgp5.html -- Laslo Hunhold
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
> > […] All these > > patches must go to the patches section and not in the main > > repo. > > I think you have a good point. Maybe we should revert the pledge(2) changes > and > put them on the wiki. The patches could be maintained separately and added to > the OS ports. > > What is the community opinion about this? As we briefly discussed on IRC yesterday, I agree.
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Wed, Sep 12, 2018 at 08:20:38AM +0100, Roberto E. Vargas Caballero wrote: > On Tue, Sep 11, 2018 at 08:14:25PM -0300, Gleydson Soares wrote: > > the following patch brings support for OpenBSD's unveil(2) mechanism for > > ii. > > Guys, we should stop sending this kind of patches. If we begin to > fill all the suckless projects with #ifdef __OpenBSD__, why do we not > fill them with #ifdef __linux__? > > If this patch is accepted then I will send a patch to add suppport > for selinux and other one to add support for capsicum. All these > patches must go to the patches section and not in the main > repo. > > Regards, > I think you have a good point. Maybe we should revert the pledge(2) changes and put them on the wiki. The patches could be maintained separately and added to the OS ports. What is the community opinion about this? dmenu, dwm and st exact behaviour makes it harder to map because of the underlying libraries. For example lazy-loading of fallback fonts further in the code (rpath). Furthermore unveil(2) is currently only in -current and it is being "tuned" at the moment afaik. Thanks for the patches though! -- Kind regards, Hiltjo
Re: [hackers] [ii][patch] add support for OpenBSD unveil(2)
On Tue, Sep 11, 2018 at 08:14:25PM -0300, Gleydson Soares wrote: > the following patch brings support for OpenBSD's unveil(2) mechanism for > ii. Guys, we should stop sending this kind of patches. If we begin to fill all the suckless projects with #ifdef __OpenBSD__, why do we not fill them with #ifdef __linux__? If this patch is accepted then I will send a patch to add suppport for selinux and other one to add support for capsicum. All these patches must go to the patches section and not in the main repo. Regards,
[hackers] [ii][patch] add support for OpenBSD unveil(2)
the following patch brings support for OpenBSD's unveil(2) mechanism for ii. diff --git a/ii.c b/ii.c index 6c87314..76be002 100644 --- a/ii.c +++ b/ii.c @@ -827,7 +827,19 @@ main(int argc, char *argv[]) else ircfd = tcpopen(host, service); + r = snprintf(ircpath, sizeof(ircpath), "%s/%s", prefix, host); + if (r < 0 || (size_t)r >= sizeof(ircpath)) { + fprintf(stderr, "%s: path to irc directory too long\n", argv0); + exit(1); + } + create_dirtree(ircpath); + #ifdef __OpenBSD__ + /* OpenBSD unveil(2) support */ + if (unveil(ircpath, "rwc") == -1) { + fprintf(stderr, "%s: unveil: %s\n", argv0, strerror(errno)); + exit(1); + } /* OpenBSD pledge(2) support */ if (pledge("stdio rpath wpath cpath dpath", NULL) == -1) { fprintf(stderr, "%s: pledge: %s\n", argv0, strerror(errno)); @@ -835,13 +847,6 @@ main(int argc, char *argv[]) } #endif - r = snprintf(ircpath, sizeof(ircpath), "%s/%s", prefix, host); - if (r < 0 || (size_t)r >= sizeof(ircpath)) { - fprintf(stderr, "%s: path to irc directory too long\n", argv0); - exit(1); - } - create_dirtree(ircpath); - channelmaster = channel_add(""); /* master channel */ if (key) loginkey(ircfd, key);