Re: Pledge failure in nc(1)

2016-05-28 Thread Bob Beck 
committed.. Thanks Anthony!


On Sat, May 28, 2016 at 09:58:55PM +0200, Theo Buehler wrote:
> On Sat, May 28, 2016 at 01:47:22PM -0600, Bob Beck wrote:
> > Nice catch, and the right analysis.. Thanks Anthony. I think that can
> > be committed
> > 
> 
> ok tb@
> 
> > I don't think we will get away from a bit of a maze there without
> > deprecating nc options, so
> > IMO this is fine.
> > 
> > 
> > On Sat, May 28, 2016 at 12:36 PM, Anthony Coulter
> >  wrote:
> > > When nc(1) tries to connect through an HTTP proxy that requires
> > > authentication, nc calls readpassphrase(3) and aborts. Pledging "tty"
> > > fixes this problem, but you'll notice that the diff has a lot of nasty
> > > branches. My failure to check Pflag when connecting over unix sockets
> > > is not an oversight; nc does not support that configuration.
> > >
> > > To reproduce the failure without setting up a real HTTP proxy, open
> > > two terminals and run nc as a coprocess in the first. The following
> > > session causes a core dump:
> > >   (tty1)$ nc -lk 8080 |&
> > >   (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081
> > >   (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n"
> > >   (tty2) Abort trap (core dumped)
> > >
> > >
> > > Index: netcat.c
> > > ===
> > > RCS file: /cvs/src/usr.bin/nc/netcat.c,v
> > > retrieving revision 1.150
> > > diff -u -p -r1.150 netcat.c
> > > --- netcat.c4 Jan 2016 02:18:31 -   1.150
> > > +++ netcat.c28 May 2016 18:33:30 -
> > > @@ -323,7 +323,13 @@ main(int argc, char *argv[])
> > > if (pledge("stdio rpath wpath cpath tmppath unix", NULL) 
> > > == -1)
> > > err(1, "pledge");
> > > } else if (Fflag) {
> > > -   if (pledge("stdio inet dns sendfd", NULL) == -1)
> > > +   if (Pflag) {
> > > +   if (pledge("stdio inet dns sendfd tty", NULL) == 
> > > -1)
> > > +   err(1, "pledge");
> > > +   } else if (pledge("stdio inet dns sendfd", NULL) == -1)
> > > +   err(1, "pledge");
> > > +   } else if (Pflag) {
> > > +   if (pledge("stdio inet dns tty", NULL) == -1)
> > > err(1, "pledge");
> > > } else if (usetls) {
> > > if (pledge("stdio rpath inet dns", NULL) == -1)
> > > @@ -434,7 +440,10 @@ main(int argc, char *argv[])
> > > if (Kflag && (privkey = tls_load_file(Kflag, , 
> > > NULL)) == NULL)
> > > errx(1, "unable to load TLS key file %s", Kflag);
> > >
> > > -   if (pledge("stdio inet dns", NULL) == -1)
> > > +   if (Pflag) {
> > > +   if (pledge("stdio inet dns tty", NULL) == -1)
> > > +   err(1, "pledge");
> > > +   } else if (pledge("stdio inet dns", NULL) == -1)
> > > err(1, "pledge");
> > >
> > > if (tls_init() == -1)
> > >
> >

Re: Pledge failure in nc(1)

2016-05-28 Thread Theo Buehler 
On Sat, May 28, 2016 at 01:47:22PM -0600, Bob Beck wrote:
> Nice catch, and the right analysis.. Thanks Anthony. I think that can
> be committed
> 

ok tb@

> I don't think we will get away from a bit of a maze there without
> deprecating nc options, so
> IMO this is fine.
> 
> 
> On Sat, May 28, 2016 at 12:36 PM, Anthony Coulter
>  wrote:
> > When nc(1) tries to connect through an HTTP proxy that requires
> > authentication, nc calls readpassphrase(3) and aborts. Pledging "tty"
> > fixes this problem, but you'll notice that the diff has a lot of nasty
> > branches. My failure to check Pflag when connecting over unix sockets
> > is not an oversight; nc does not support that configuration.
> >
> > To reproduce the failure without setting up a real HTTP proxy, open
> > two terminals and run nc as a coprocess in the first. The following
> > session causes a core dump:
> >   (tty1)$ nc -lk 8080 |&
> >   (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081
> >   (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n"
> >   (tty2) Abort trap (core dumped)
> >
> >
> > Index: netcat.c
> > ===
> > RCS file: /cvs/src/usr.bin/nc/netcat.c,v
> > retrieving revision 1.150
> > diff -u -p -r1.150 netcat.c
> > --- netcat.c4 Jan 2016 02:18:31 -   1.150
> > +++ netcat.c28 May 2016 18:33:30 -
> > @@ -323,7 +323,13 @@ main(int argc, char *argv[])
> > if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == 
> > -1)
> > err(1, "pledge");
> > } else if (Fflag) {
> > -   if (pledge("stdio inet dns sendfd", NULL) == -1)
> > +   if (Pflag) {
> > +   if (pledge("stdio inet dns sendfd tty", NULL) == -1)
> > +   err(1, "pledge");
> > +   } else if (pledge("stdio inet dns sendfd", NULL) == -1)
> > +   err(1, "pledge");
> > +   } else if (Pflag) {
> > +   if (pledge("stdio inet dns tty", NULL) == -1)
> > err(1, "pledge");
> > } else if (usetls) {
> > if (pledge("stdio rpath inet dns", NULL) == -1)
> > @@ -434,7 +440,10 @@ main(int argc, char *argv[])
> > if (Kflag && (privkey = tls_load_file(Kflag, , 
> > NULL)) == NULL)
> > errx(1, "unable to load TLS key file %s", Kflag);
> >
> > -   if (pledge("stdio inet dns", NULL) == -1)
> > +   if (Pflag) {
> > +   if (pledge("stdio inet dns tty", NULL) == -1)
> > +   err(1, "pledge");
> > +   } else if (pledge("stdio inet dns", NULL) == -1)
> > err(1, "pledge");
> >
> > if (tls_init() == -1)
> >
>

Re: Pledge failure in nc(1)

2016-05-28 Thread Theo de Raadt 
> When nc(1) tries to connect through an HTTP proxy that requires
> authentication, nc calls readpassphrase(3) and aborts. Pledging "tty"
> fixes this problem, but you'll notice that the diff has a lot of nasty
> branches. My failure to check Pflag when connecting over unix sockets
> is not an oversight; nc does not support that configuration.
> 
> To reproduce the failure without setting up a real HTTP proxy, open
> two terminals and run nc as a coprocess in the first. The following
> session causes a core dump:
>   (tty1)$ nc -lk 8080 |&
>   (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081
>   (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n"
>   (tty2) Abort trap (core dumped)

The diff looks right to me.

Re: Pledge failure in nc(1)

2016-05-28 Thread Bob Beck 
Nice catch, and the right analysis.. Thanks Anthony. I think that can
be committed

I don't think we will get away from a bit of a maze there without
deprecating nc options, so
IMO this is fine.


On Sat, May 28, 2016 at 12:36 PM, Anthony Coulter
 wrote:
> When nc(1) tries to connect through an HTTP proxy that requires
> authentication, nc calls readpassphrase(3) and aborts. Pledging "tty"
> fixes this problem, but you'll notice that the diff has a lot of nasty
> branches. My failure to check Pflag when connecting over unix sockets
> is not an oversight; nc does not support that configuration.
>
> To reproduce the failure without setting up a real HTTP proxy, open
> two terminals and run nc as a coprocess in the first. The following
> session causes a core dump:
>   (tty1)$ nc -lk 8080 |&
>   (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081
>   (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n"
>   (tty2) Abort trap (core dumped)
>
>
> Index: netcat.c
> ===
> RCS file: /cvs/src/usr.bin/nc/netcat.c,v
> retrieving revision 1.150
> diff -u -p -r1.150 netcat.c
> --- netcat.c4 Jan 2016 02:18:31 -   1.150
> +++ netcat.c28 May 2016 18:33:30 -
> @@ -323,7 +323,13 @@ main(int argc, char *argv[])
> if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == 
> -1)
> err(1, "pledge");
> } else if (Fflag) {
> -   if (pledge("stdio inet dns sendfd", NULL) == -1)
> +   if (Pflag) {
> +   if (pledge("stdio inet dns sendfd tty", NULL) == -1)
> +   err(1, "pledge");
> +   } else if (pledge("stdio inet dns sendfd", NULL) == -1)
> +   err(1, "pledge");
> +   } else if (Pflag) {
> +   if (pledge("stdio inet dns tty", NULL) == -1)
> err(1, "pledge");
> } else if (usetls) {
> if (pledge("stdio rpath inet dns", NULL) == -1)
> @@ -434,7 +440,10 @@ main(int argc, char *argv[])
> if (Kflag && (privkey = tls_load_file(Kflag, , 
> NULL)) == NULL)
> errx(1, "unable to load TLS key file %s", Kflag);
>
> -   if (pledge("stdio inet dns", NULL) == -1)
> +   if (Pflag) {
> +   if (pledge("stdio inet dns tty", NULL) == -1)
> +   err(1, "pledge");
> +   } else if (pledge("stdio inet dns", NULL) == -1)
> err(1, "pledge");
>
> if (tls_init() == -1)
>

Pledge failure in nc(1)

2016-05-28 Thread Anthony Coulter 
When nc(1) tries to connect through an HTTP proxy that requires
authentication, nc calls readpassphrase(3) and aborts. Pledging "tty"
fixes this problem, but you'll notice that the diff has a lot of nasty
branches. My failure to check Pflag when connecting over unix sockets
is not an oversight; nc does not support that configuration.

To reproduce the failure without setting up a real HTTP proxy, open
two terminals and run nc as a coprocess in the first. The following
session causes a core dump:
  (tty1)$ nc -lk 8080 |&
  (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081
  (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n"
  (tty2) Abort trap (core dumped)


Index: netcat.c
===
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.150
diff -u -p -r1.150 netcat.c
--- netcat.c4 Jan 2016 02:18:31 -   1.150
+++ netcat.c28 May 2016 18:33:30 -
@@ -323,7 +323,13 @@ main(int argc, char *argv[])
if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
err(1, "pledge");
} else if (Fflag) {
-   if (pledge("stdio inet dns sendfd", NULL) == -1)
+   if (Pflag) {
+   if (pledge("stdio inet dns sendfd tty", NULL) == -1)
+   err(1, "pledge");
+   } else if (pledge("stdio inet dns sendfd", NULL) == -1)
+   err(1, "pledge");
+   } else if (Pflag) {
+   if (pledge("stdio inet dns tty", NULL) == -1)
err(1, "pledge");
} else if (usetls) {
if (pledge("stdio rpath inet dns", NULL) == -1)
@@ -434,7 +440,10 @@ main(int argc, char *argv[])
if (Kflag && (privkey = tls_load_file(Kflag, , 
NULL)) == NULL)
errx(1, "unable to load TLS key file %s", Kflag);
 
-   if (pledge("stdio inet dns", NULL) == -1)
+   if (Pflag) {
+   if (pledge("stdio inet dns tty", NULL) == -1)
+   err(1, "pledge");
+   } else if (pledge("stdio inet dns", NULL) == -1)
err(1, "pledge");
 
if (tls_init() == -1)