Re: Pledge failure in nc(1)
committed.. Thanks Anthony! On Sat, May 28, 2016 at 09:58:55PM +0200, Theo Buehler wrote: > On Sat, May 28, 2016 at 01:47:22PM -0600, Bob Beck wrote: > > Nice catch, and the right analysis.. Thanks Anthony. I think that can > > be committed > > > > ok tb@ > > > I don't think we will get away from a bit of a maze there without > > deprecating nc options, so > > IMO this is fine. > > > > > > On Sat, May 28, 2016 at 12:36 PM, Anthony Coulter > >wrote: > > > When nc(1) tries to connect through an HTTP proxy that requires > > > authentication, nc calls readpassphrase(3) and aborts. Pledging "tty" > > > fixes this problem, but you'll notice that the diff has a lot of nasty > > > branches. My failure to check Pflag when connecting over unix sockets > > > is not an oversight; nc does not support that configuration. > > > > > > To reproduce the failure without setting up a real HTTP proxy, open > > > two terminals and run nc as a coprocess in the first. The following > > > session causes a core dump: > > > (tty1)$ nc -lk 8080 |& > > > (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081 > > > (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n" > > > (tty2) Abort trap (core dumped) > > > > > > > > > Index: netcat.c > > > === > > > RCS file: /cvs/src/usr.bin/nc/netcat.c,v > > > retrieving revision 1.150 > > > diff -u -p -r1.150 netcat.c > > > --- netcat.c4 Jan 2016 02:18:31 - 1.150 > > > +++ netcat.c28 May 2016 18:33:30 - > > > @@ -323,7 +323,13 @@ main(int argc, char *argv[]) > > > if (pledge("stdio rpath wpath cpath tmppath unix", NULL) > > > == -1) > > > err(1, "pledge"); > > > } else if (Fflag) { > > > - if (pledge("stdio inet dns sendfd", NULL) == -1) > > > + if (Pflag) { > > > + if (pledge("stdio inet dns sendfd tty", NULL) == > > > -1) > > > + err(1, "pledge"); > > > + } else if (pledge("stdio inet dns sendfd", NULL) == -1) > > > + err(1, "pledge"); > > > + } else if (Pflag) { > > > + if (pledge("stdio inet dns tty", NULL) == -1) > > > err(1, "pledge"); > > > } else if (usetls) { > > > if (pledge("stdio rpath inet dns", NULL) == -1) > > > @@ -434,7 +440,10 @@ main(int argc, char *argv[]) > > > if (Kflag && (privkey = tls_load_file(Kflag, , > > > NULL)) == NULL) > > > errx(1, "unable to load TLS key file %s", Kflag); > > > > > > - if (pledge("stdio inet dns", NULL) == -1) > > > + if (Pflag) { > > > + if (pledge("stdio inet dns tty", NULL) == -1) > > > + err(1, "pledge"); > > > + } else if (pledge("stdio inet dns", NULL) == -1) > > > err(1, "pledge"); > > > > > > if (tls_init() == -1) > > > > >
Re: Pledge failure in nc(1)
On Sat, May 28, 2016 at 01:47:22PM -0600, Bob Beck wrote: > Nice catch, and the right analysis.. Thanks Anthony. I think that can > be committed > ok tb@ > I don't think we will get away from a bit of a maze there without > deprecating nc options, so > IMO this is fine. > > > On Sat, May 28, 2016 at 12:36 PM, Anthony Coulter >wrote: > > When nc(1) tries to connect through an HTTP proxy that requires > > authentication, nc calls readpassphrase(3) and aborts. Pledging "tty" > > fixes this problem, but you'll notice that the diff has a lot of nasty > > branches. My failure to check Pflag when connecting over unix sockets > > is not an oversight; nc does not support that configuration. > > > > To reproduce the failure without setting up a real HTTP proxy, open > > two terminals and run nc as a coprocess in the first. The following > > session causes a core dump: > > (tty1)$ nc -lk 8080 |& > > (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081 > > (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n" > > (tty2) Abort trap (core dumped) > > > > > > Index: netcat.c > > === > > RCS file: /cvs/src/usr.bin/nc/netcat.c,v > > retrieving revision 1.150 > > diff -u -p -r1.150 netcat.c > > --- netcat.c4 Jan 2016 02:18:31 - 1.150 > > +++ netcat.c28 May 2016 18:33:30 - > > @@ -323,7 +323,13 @@ main(int argc, char *argv[]) > > if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == > > -1) > > err(1, "pledge"); > > } else if (Fflag) { > > - if (pledge("stdio inet dns sendfd", NULL) == -1) > > + if (Pflag) { > > + if (pledge("stdio inet dns sendfd tty", NULL) == -1) > > + err(1, "pledge"); > > + } else if (pledge("stdio inet dns sendfd", NULL) == -1) > > + err(1, "pledge"); > > + } else if (Pflag) { > > + if (pledge("stdio inet dns tty", NULL) == -1) > > err(1, "pledge"); > > } else if (usetls) { > > if (pledge("stdio rpath inet dns", NULL) == -1) > > @@ -434,7 +440,10 @@ main(int argc, char *argv[]) > > if (Kflag && (privkey = tls_load_file(Kflag, , > > NULL)) == NULL) > > errx(1, "unable to load TLS key file %s", Kflag); > > > > - if (pledge("stdio inet dns", NULL) == -1) > > + if (Pflag) { > > + if (pledge("stdio inet dns tty", NULL) == -1) > > + err(1, "pledge"); > > + } else if (pledge("stdio inet dns", NULL) == -1) > > err(1, "pledge"); > > > > if (tls_init() == -1) > > >
Re: Pledge failure in nc(1)
> When nc(1) tries to connect through an HTTP proxy that requires > authentication, nc calls readpassphrase(3) and aborts. Pledging "tty" > fixes this problem, but you'll notice that the diff has a lot of nasty > branches. My failure to check Pflag when connecting over unix sockets > is not an oversight; nc does not support that configuration. > > To reproduce the failure without setting up a real HTTP proxy, open > two terminals and run nc as a coprocess in the first. The following > session causes a core dump: > (tty1)$ nc -lk 8080 |& > (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081 > (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n" > (tty2) Abort trap (core dumped) The diff looks right to me.
Re: Pledge failure in nc(1)
Nice catch, and the right analysis.. Thanks Anthony. I think that can be committed I don't think we will get away from a bit of a maze there without deprecating nc options, so IMO this is fine. On Sat, May 28, 2016 at 12:36 PM, Anthony Coulterwrote: > When nc(1) tries to connect through an HTTP proxy that requires > authentication, nc calls readpassphrase(3) and aborts. Pledging "tty" > fixes this problem, but you'll notice that the diff has a lot of nasty > branches. My failure to check Pflag when connecting over unix sockets > is not an oversight; nc does not support that configuration. > > To reproduce the failure without setting up a real HTTP proxy, open > two terminals and run nc as a coprocess in the first. The following > session causes a core dump: > (tty1)$ nc -lk 8080 |& > (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081 > (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n" > (tty2) Abort trap (core dumped) > > > Index: netcat.c > === > RCS file: /cvs/src/usr.bin/nc/netcat.c,v > retrieving revision 1.150 > diff -u -p -r1.150 netcat.c > --- netcat.c4 Jan 2016 02:18:31 - 1.150 > +++ netcat.c28 May 2016 18:33:30 - > @@ -323,7 +323,13 @@ main(int argc, char *argv[]) > if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == > -1) > err(1, "pledge"); > } else if (Fflag) { > - if (pledge("stdio inet dns sendfd", NULL) == -1) > + if (Pflag) { > + if (pledge("stdio inet dns sendfd tty", NULL) == -1) > + err(1, "pledge"); > + } else if (pledge("stdio inet dns sendfd", NULL) == -1) > + err(1, "pledge"); > + } else if (Pflag) { > + if (pledge("stdio inet dns tty", NULL) == -1) > err(1, "pledge"); > } else if (usetls) { > if (pledge("stdio rpath inet dns", NULL) == -1) > @@ -434,7 +440,10 @@ main(int argc, char *argv[]) > if (Kflag && (privkey = tls_load_file(Kflag, , > NULL)) == NULL) > errx(1, "unable to load TLS key file %s", Kflag); > > - if (pledge("stdio inet dns", NULL) == -1) > + if (Pflag) { > + if (pledge("stdio inet dns tty", NULL) == -1) > + err(1, "pledge"); > + } else if (pledge("stdio inet dns", NULL) == -1) > err(1, "pledge"); > > if (tls_init() == -1) >
Pledge failure in nc(1)
When nc(1) tries to connect through an HTTP proxy that requires authentication, nc calls readpassphrase(3) and aborts. Pledging "tty" fixes this problem, but you'll notice that the diff has a lot of nasty branches. My failure to check Pflag when connecting over unix sockets is not an oversight; nc does not support that configuration. To reproduce the failure without setting up a real HTTP proxy, open two terminals and run nc as a coprocess in the first. The following session causes a core dump: (tty1)$ nc -lk 8080 |& (tty2)$ nc -Xconnect -xlocalhost:8080 -Puser localhost 8081 (tty1)$ print -np "HTTP/1.0 407 Authentication Required\r\n\r\n" (tty2) Abort trap (core dumped) Index: netcat.c === RCS file: /cvs/src/usr.bin/nc/netcat.c,v retrieving revision 1.150 diff -u -p -r1.150 netcat.c --- netcat.c4 Jan 2016 02:18:31 - 1.150 +++ netcat.c28 May 2016 18:33:30 - @@ -323,7 +323,13 @@ main(int argc, char *argv[]) if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) err(1, "pledge"); } else if (Fflag) { - if (pledge("stdio inet dns sendfd", NULL) == -1) + if (Pflag) { + if (pledge("stdio inet dns sendfd tty", NULL) == -1) + err(1, "pledge"); + } else if (pledge("stdio inet dns sendfd", NULL) == -1) + err(1, "pledge"); + } else if (Pflag) { + if (pledge("stdio inet dns tty", NULL) == -1) err(1, "pledge"); } else if (usetls) { if (pledge("stdio rpath inet dns", NULL) == -1) @@ -434,7 +440,10 @@ main(int argc, char *argv[]) if (Kflag && (privkey = tls_load_file(Kflag, , NULL)) == NULL) errx(1, "unable to load TLS key file %s", Kflag); - if (pledge("stdio inet dns", NULL) == -1) + if (Pflag) { + if (pledge("stdio inet dns tty", NULL) == -1) + err(1, "pledge"); + } else if (pledge("stdio inet dns", NULL) == -1) err(1, "pledge"); if (tls_init() == -1)