Re: devel/fossil: uses pledge() [upstream support / and broken]

2018-03-25 Thread Sebastien Marie 
On Sun, Mar 25, 2018 at 02:19:59PM -0400, James Turner wrote:
> As it seems this is only trigger when the default permissions on the
> .fossil file is changed I think we are fine for the 6.3 release. Also
> considering the tree was just locked :).

I agree. pledge() is enforced only on "fossil status" command, and the
violation occurs due to umask change between first fossil(1) run (which
created ~/.fossil) and next ones.

It seems sqlite3 library (fossil is based on it) will enforce some
permission on temporary journal file .fossil-journal to be same as
.fossil.

> I would suggested submitting a bug upstream letting them know they need
> the additional pledge when they try to chmod the file back if it gets
> changed.

I sent a mail yesterday on the fossil-users@ list, but it didn't poped.
I subscribed to the list and resent it this morning.

> I'll add the # pledge comment on the next update I commit, thanks for
> the heads up on that.

Thanks.
-- 
Sebastien Marie

Re: devel/fossil: uses pledge() [upstream support / and broken]

2018-03-25 Thread James Turner 
As it seems this is only trigger when the default permissions on the
.fossil file is changed I think we are fine for the 6.3 release. Also
considering the tree was just locked :).

I would suggested submitting a bug upstream letting them know they need
the additional pledge when they try to chmod the file back if it gets
changed.

I'll add the # pledge comment on the next update I commit, thanks for
the heads up on that.

On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote:
> Hi,
> 
> I just found (hard way) that devel/fossil has upstream support for
> pledge(2).
> 
> It would be preferable to mark it on Makefile.
> 
> $ grep -R pledge .
> ./fossil-2.5/auto.def:cc-check-functions pledge
> ./fossil-2.5/src/checkin.c:  fossil_pledge("stdio rpath wpath cpath id flock 
> tty chown");
> ./fossil-2.5/src/config.h:** The pledge() interface is currently only 
> available on OpenBSD 5.9
> ./fossil-2.5/src/config.h:** and later.  Make calls to fossil_pledge() no-ops 
> on all platforms
> ./fossil-2.5/src/config.h:# define fossil_pledge(A)
> ./fossil-2.5/src/util.c:** Interface to pledge() on OpenBSD 5.9 and later.
> ./fossil-2.5/src/util.c:** On platforms that have pledge(), use this routine.
> ./fossil-2.5/src/util.c:void fossil_pledge(const char *promises){
> ./fossil-2.5/src/util.c:  if( pledge(promises, 0) ){
> ./fossil-2.5/src/util.c:fossil_fatal("pledge(\"%s\",NULL) fails with 
> errno=%d",
> ./fossil-2.5/www/changes.wiki:  *  Initial infrastructure is in place to make 
> use of the pledge()
> ./fossil-2.5/auto.def.orig:cc-check-functions pledge
> 
> 
> And I am tracing the problem, before reporting the bug upstream...
> 
> I dunno how to deal with it currently: the version we have in ports is
> broken... should we just disable the check for release (and ship an
> unpledged but working executable) ?
> 
> The provided diff just adds the pledge() marker.
> 
> 
> Regarding the pledge() problem:
> 
> The 'status' command trigger it.
> 
> $ fossil status
> ...
> Abort trap (core dumped)
> 
> $ dmesg | tail -1
> fossil[75892]: pledge "fattr", syscall 124
> 
> $ kdump
>   8372 fossil   CALL  
> open(0x10e760b8169f,0x10202,0644)
>   8372 fossil   NAMI  "/home/semarie/.fossil-journal"
>   8372 fossil   RET   open 6
>   8372 fossil   CALL  fstat(6,0x7f7ea210)
>   8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- , 
> nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
> atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 
> 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 
> 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }
>   8372 fossil   RET   fstat 0
>   8372 fossil   CALL  fchmod(6,0644)
>   8372 fossil   PLDG  fchmod, "fattr", errno 1 Operation not permitted
>   8372 fossil   PSIG  SIGABRT SIG_DFL
>   8372 fossil   NAMI  "fossil.core"
> 
> 
> -- 
> Sebastien Marie
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/devel/fossil/Makefile,v
> retrieving revision 1.62
> diff -u -p -r1.62 Makefile
> --- Makefile9 Feb 2018 19:42:45 -   1.62
> +++ Makefile25 Mar 2018 07:12:29 -
> @@ -18,6 +18,7 @@ PERMIT_PACKAGE_CDROM =Yes
>  FLAVORS=   static
>  FLAVOR?=
> 
> +# uses pledge()
>  WANTLIB =  c crypto fuse m ssl z
> 
>  MODULES =  lang/tcl

-- 
James Turner

Re: devel/fossil: uses pledge() [upstream support / and broken]

2018-03-25 Thread James Turner 
On Sun, Mar 25, 2018 at 02:32:05PM -0400, James Turner wrote:
> On Mon, Mar 26, 2018 at 06:30:16AM +1300, Carlin Bingham wrote:
> > On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote:
> > > Hi,
> > > 
> > > [ ... ]
> > > 
> > > Regarding the pledge() problem:
> > > 
> > > The 'status' command trigger it.
> > > 
> > > $ fossil status
> > > ...
> > > Abort trap (core dumped)
> > > 
> > > $ dmesg | tail -1
> > > fossil[75892]: pledge "fattr", syscall 124
> > > 
> > > $ kdump
> > >   8372 fossil   CALL  
> > > open(0x10e760b8169f,0x10202,0644)
> > >   8372 fossil   NAMI  "/home/semarie/.fossil-journal"
> > >   8372 fossil   RET   open 6
> > >   8372 fossil   CALL  fstat(6,0x7f7ea210)
> > >   8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- 
> > > , nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
> > > atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 
> > > 25 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 
> > > 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }
> > 
> > I can replicate this by setting umask 027. The permissions of that file
> > are usually mode=-rw-r--r-- and it seems if it's altered by umask it
> > tries to call fchmod to set them back and then dies.
> > 
> > 
> > --
> > Carlin
> 
> Up and it looks like this has already been fixed upstream. 
> http://fossil-scm.org/index.html/info/396513fa4a6f8da8
> 

Sorry, I linked to a chown commit not one related to chmod. This is
probably still a bug.

-- 
James Turner

Re: devel/fossil: uses pledge() [upstream support / and broken]

2018-03-25 Thread James Turner 
On Mon, Mar 26, 2018 at 06:30:16AM +1300, Carlin Bingham wrote:
> On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote:
> > Hi,
> > 
> > [ ... ]
> > 
> > Regarding the pledge() problem:
> > 
> > The 'status' command trigger it.
> > 
> > $ fossil status
> > ...
> > Abort trap (core dumped)
> > 
> > $ dmesg | tail -1
> > fossil[75892]: pledge "fattr", syscall 124
> > 
> > $ kdump
> >   8372 fossil   CALL  
> > open(0x10e760b8169f,0x10202,0644)
> >   8372 fossil   NAMI  "/home/semarie/.fossil-journal"
> >   8372 fossil   RET   open 6
> >   8372 fossil   CALL  fstat(6,0x7f7ea210)
> >   8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- , 
> > nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
> > atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 
> > 25 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 
> > 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }
> 
> I can replicate this by setting umask 027. The permissions of that file
> are usually mode=-rw-r--r-- and it seems if it's altered by umask it
> tries to call fchmod to set them back and then dies.
> 
> 
> --
> Carlin

Up and it looks like this has already been fixed upstream. 
http://fossil-scm.org/index.html/info/396513fa4a6f8da8

-- 
James Turner

Re: devel/fossil: uses pledge() [upstream support / and broken]

2018-03-25 Thread Carlin Bingham 
On Sun, Mar 25, 2018 at 09:23:14AM +0200, Sebastien Marie wrote:
> Hi,
> 
> [ ... ]
> 
> Regarding the pledge() problem:
> 
> The 'status' command trigger it.
> 
> $ fossil status
> ...
> Abort trap (core dumped)
> 
> $ dmesg | tail -1
> fossil[75892]: pledge "fattr", syscall 124
> 
> $ kdump
>   8372 fossil   CALL  
> open(0x10e760b8169f,0x10202,0644)
>   8372 fossil   NAMI  "/home/semarie/.fossil-journal"
>   8372 fossil   RET   open 6
>   8372 fossil   CALL  fstat(6,0x7f7ea210)
>   8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- , 
> nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
> atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 
> 09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 
> 2018">.594806497, size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }

I can replicate this by setting umask 027. The permissions of that file
are usually mode=-rw-r--r-- and it seems if it's altered by umask it
tries to call fchmod to set them back and then dies.


--
Carlin

devel/fossil: uses pledge() [upstream support / and broken]

2018-03-25 Thread Sebastien Marie 
Hi,

I just found (hard way) that devel/fossil has upstream support for
pledge(2).

It would be preferable to mark it on Makefile.

$ grep -R pledge .
./fossil-2.5/auto.def:cc-check-functions pledge
./fossil-2.5/src/checkin.c:  fossil_pledge("stdio rpath wpath cpath id flock 
tty chown");
./fossil-2.5/src/config.h:** The pledge() interface is currently only available 
on OpenBSD 5.9
./fossil-2.5/src/config.h:** and later.  Make calls to fossil_pledge() no-ops 
on all platforms
./fossil-2.5/src/config.h:# define fossil_pledge(A)
./fossil-2.5/src/util.c:** Interface to pledge() on OpenBSD 5.9 and later.
./fossil-2.5/src/util.c:** On platforms that have pledge(), use this routine.
./fossil-2.5/src/util.c:void fossil_pledge(const char *promises){
./fossil-2.5/src/util.c:  if( pledge(promises, 0) ){
./fossil-2.5/src/util.c:fossil_fatal("pledge(\"%s\",NULL) fails with 
errno=%d",
./fossil-2.5/www/changes.wiki:  *  Initial infrastructure is in place to make 
use of the pledge()
./fossil-2.5/auto.def.orig:cc-check-functions pledge


And I am tracing the problem, before reporting the bug upstream...

I dunno how to deal with it currently: the version we have in ports is
broken... should we just disable the check for release (and ship an
unpledged but working executable) ?

The provided diff just adds the pledge() marker.


Regarding the pledge() problem:

The 'status' command trigger it.

$ fossil status
...
Abort trap (core dumped)

$ dmesg | tail -1
fossil[75892]: pledge "fattr", syscall 124

$ kdump
  8372 fossil   CALL  
open(0x10e760b8169f,0x10202,0644)
  8372 fossil   NAMI  "/home/semarie/.fossil-journal"
  8372 fossil   RET   open 6
  8372 fossil   CALL  fstat(6,0x7f7ea210)
  8372 fossil   STRU  struct stat { dev=1047, ino=289569, mode=-rw-r- , 
nlink=1, uid=1000<"semarie">, gid=1000<"semarie">, rdev=0, 
atime=1521962119<"Mar 25 09:15:19 2018">.594806497, mtime=1521962119<"Mar 25 
09:15:19 2018">.594806497, ctime=1521962119<"Mar 25 09:15:19 2018">.594806497, 
size=0, blocks=0, blksize=16384, flags=0x0, gen=0x0 }
  8372 fossil   RET   fstat 0
  8372 fossil   CALL  fchmod(6,0644)
  8372 fossil   PLDG  fchmod, "fattr", errno 1 Operation not permitted
  8372 fossil   PSIG  SIGABRT SIG_DFL
  8372 fossil   NAMI  "fossil.core"


-- 
Sebastien Marie

Index: Makefile
===
RCS file: /cvs/ports/devel/fossil/Makefile,v
retrieving revision 1.62
diff -u -p -r1.62 Makefile
--- Makefile9 Feb 2018 19:42:45 -   1.62
+++ Makefile25 Mar 2018 07:12:29 -
@@ -18,6 +18,7 @@ PERMIT_PACKAGE_CDROM =Yes
 FLAVORS=   static
 FLAVOR?=

+# uses pledge()
 WANTLIB =  c crypto fuse m ssl z

 MODULES =  lang/tcl