Re: pledge xenodm

Sat, 03 Nov 2018 05:41:41 -0700 

On Fri, Nov 02, 2018 at 07:03:11PM +0000, Ricardo Mestre wrote:
> Hi,
> 
> Looking at pledging xenodm a little bit more I was able to run it with
> the diff below across X restarts, with stock configuration.
> 
> Please test it, if you have special configs better since most likely
> this will break it but we need to know where and why and with that maybe
> trim xenodm's bloat.

Hi,

xenodm crashes if one logs out from the first session that was
created.  the pldege() call in StartDisplay is too strict.

I've not had time to fully figure out if this can be fixed. Iirc I
tried when I did the initial work on adding pledge to xenodm and it's
not possible because of the code that creates the auth cookie and
chown()s it to _x11.

I didn't have time yet to do a more serious testing of the session
pledge. 

> 
> DisplayManager:
> rpath: open(2) /etc/X11/xenodm/xenodm-config
> cpath: unlink(2) d->authFile
> proc: kill(2)
> 
> Session:
> rpath: open(2) /etc/fbtab
> wpath/cpath: open(2) d->authFile
> fattr: chmod(2) d->authFile
> dns: sysctl(2) for name resolution
> proc: kill(2)
> exec: execve(2) /etc/X11/xenodm/TakeConsole
> id: setuid(2)
> 
> Index: dm.c
> ===================================================================
> RCS file: /cvs/xenocara/app/xenodm/xenodm/dm.c,v
> retrieving revision 1.6
> diff -u -p -u -r1.6 dm.c
> --- dm.c      11 Jul 2018 16:57:04 -0000      1.6
> +++ dm.c      31 Oct 2018 15:15:49 -0000
> @@ -604,6 +604,10 @@ StartDisplay (struct display *d)
>       Debug ("pid: %d\n", pid);
>       d->pid = pid;
>       d->status = running;
> +
> +     if (pledge("stdio rpath cpath proc", NULL) == -1)
> +             exit(OPENFAILED_DISPLAY);
> +
>       break;
>      }
>  }
> Index: session.c
> ===================================================================
> RCS file: /cvs/xenocara/app/xenodm/xenodm/session.c,v
> retrieving revision 1.12
> diff -u -p -u -r1.12 session.c
> --- session.c 11 Jul 2018 20:28:41 -0000      1.12
> +++ session.c 31 Oct 2018 15:15:49 -0000
> @@ -378,6 +378,10 @@ StartClient (
>      default:
>       Debug ("StartSession, fork succeeded %d\n", pid);
>       *pidp = pid;
> +
> +     if (pledge("stdio rpath wpath cpath fattr dns proc exec id", NULL) == 
> -1)
> +             exit(25);
> +
>       return 1;
>      }
>  }
> 
> ----- End forwarded message -----

-- 
Matthieu Herrb

Reply via email to