On Mon, Aug 19, 2024 at 03:48:20PM GMT, Omar Polo wrote: > On 2024/08/17 16:28:35 +0100, Stuart Henderson <s...@spacehopper.org> wrote: > > ok > > Imported > > Thank you, > > Omar Polo >
Thanks everyone! Great feedback. Below are patches for pledge/unveil for feedback/discussion.

Here is the approach that was taken:

- Start with minimal set of promises that did not crash and from review
stdio
rpath - hopm config file, firedns config
wpath - pid file, log file, scanlog file
cpath - pid file, log file, scanlog file
inet
dns
proc - fork (maybe we can remove fork and rc_bg?)
exec - execv on restart
unveil
- Initially unveil nothing
- Remove unneeded chdir (locations are no longer relative)
- Unveil only what is needed if it's needed before main loop
LOGFILE, wc
CONFFILE, r
SCANLOG, wc (only if the option is enabled)
HOPM_BINPATH, x (for execv on restart)
- Reduce promises before main loop
stdio inet dns exec

--
Chaz

diff --git a/net/hopm/patches/patch-src_firedns_c b/net/hopm/patches/patch-src_firedns_c
new file mode 100644
index 00000000000..10bc8d9af12
--- /dev/null
+++ b/net/hopm/patches/patch-src_firedns_c
@@ -0,0 +1,21 @@
+Index: firedns.c
+--- src/firedns.c.orig
++++ src/firedns.c
+@@ -36,6 +36,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ #include <stdio.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <err.h>
+ 
+ #include "compat.h"
+ #include "memory.h"
+@@ -171,6 +172,10 @@ firedns_init(void)
+ memset(servers4, 0, sizeof(servers4));
+ memset(servers6, 0, sizeof(servers6));
+ 
++ if (unveil(FDNS_CONFIG_PREF, "r") == -1) {
++ err(1, "unveil");
++ }
++ 
+ /* read etc/firedns.conf if we've got it, otherwise parse /etc/resolv.conf */
+ f = fopen(FDNS_CONFIG_PREF, "r");
diff --git a/net/hopm/patches/patch-src_main_c b/net/hopm/patches/patch-src_main_c
new file mode 100644
index 00000000000..f0dcdc986d3
--- /dev/null
+++ b/net/hopm/patches/patch-src_main_c
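Review bot: The `unveil(FDNS_CONFIG_PREF, "r")` added to firedns_init() only works while main() still holds the `unveil` and `rpath` promises; if firedns_init() is ever called after main's second `pledge("stdio inet dns exec", NULL)` — on a config reload from the main loop, for instance — the unveil call fails, and even without it the following `fopen(FDNS_CONFIG_PREF, "r")` is a pledge violation that kills the process with SIGABRT and no message. The call site is not in this hunk, so pin the ordering with a comment above the unveil: `/* Must run before main() drops the rpath/unveil promises (second pledge() in main.c). */`. The fallback named in the existing comment, /etc/resolv.conf, is not unveiled here; my understanding is that the `dns` promise lets the kernel bypass unveil for that file, but that assumption deserves a one-line comment and a test with firedns.conf absent rather than being implicit. Also prefer `err(1, "unveil %s", FDNS_CONFIG_PREF)` so the diagnostic names the path. firedns_init's body continues outside the hunk.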
@@ -0,0 +1,86 @@
+Index: main.c
+--- src/main.c.orig
++++ src/main.c
+@@ -30,6 +30,7 @@
+ #include <fcntl.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <err.h>
+ 
+ #include "config.h"
+ #include "irc.h"
+@@ -100,6 +101,14 @@ main(int argc, char *argv[])
+ FILE *pidout;
+ struct rlimit rlim;
+ 
++ if (pledge("stdio rpath wpath cpath inet dns proc exec unveil", NULL) == -1) {
++ err(1, "pledge");
++ }
++ 
++ if (unveil("/", "")) {
++ err(1, "unveil");
++ }
++ 
+ setup_corelimit();
+ 
+ while (1)
+@@ -130,12 +139,6 @@ main(int argc, char *argv[])
+ snprintf(CONFFILE, lenc, "%s/%s.%s", CONFDIR, CONFNAME, CONFEXT);
+ snprintf(LOGFILE, lenl, "%s/%s.%s", LOGDIR, CONFNAME, LOGEXT);
+ 
+- if (chdir(HOPM_PREFIX))
+- {
+- perror("chdir");
+- exit(EXIT_FAILURE);
+- }
+- 
+ /* Fork off. */
+ if (OPT_DEBUG == 0)
+ {
+@@ -172,6 +175,10 @@ main(int argc, char *argv[])
+ if (fd > STDERR_FILENO)
+ close(fd);
+ 
++ if (unveil(LOGFILE, "wc") == -1) {
++ err(1, "unveil");
++ }
++ 
+ log_open(LOGFILE);
+ }
+ else
+@@ -180,13 +187,34 @@ main(int argc, char *argv[])
+ log_printf("MAIN -> HOPM %s started.", VERSION);
+ log_printf("MAIN -> Reading configuration file...");
+ 
++ if (unveil(CONFFILE, "r") == -1) {
++ err(1, "unveil");
++ }
++ 
+ config_load(CONFFILE);
+ 
+- if (OptionsItem.scanlog)
++ if (OptionsItem.scanlog) {
++ if (unveil(OptionsItem.scanlog, "wc")) {
++ err(1, "unveil");
++ }
++ 
+ scanlog_open(OptionsItem.scanlog);
++ }
++ 
++ if (unveil(OptionsItem.pidfile, "wc")) {
++ err(1, "unveil");
++ }
+ 
+ pidout = fopen(OptionsItem.pidfile, "w");
+ 
++ if (unveil(HOPM_BINPATH, "x") == -1) {
++ err(1, "unveil");
++ }
++ 
++ if (pledge("stdio inet dns exec", NULL) == -1) {
++ err(1, "pledge");
++ }
+ 
+ if (pidout)
+ {
+ fprintf(pidout, "%u\n", (unsigned int)getpid());
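Review bot: In the normal (non-debug) run, every unveil()/pledge() failure from `unveil(LOGFILE, "wc")` onward is reported with err(3) after the daemonizing branch has, judging by the `if (fd > STDERR_FILENO) close(fd);` idiom, already pointed stderr at /dev/null, so a bad path or permission makes hopm exit(1) with no diagnostic anywhere (the dup2 lines are outside the hunk, so confirm). CONFFILE and LOGFILE are fully formed right after the two snprintf() calls, so those two unveils can run before the fork where err(3) is still visible, and the config-derived scanlog/pidfile unveils and the final pledge() should report through log_printf() with strerror(errno) (adding <errno.h> if main.c lacks it) before exiting. Smaller points: `unveil("/", "")`, `unveil(OptionsItem.scanlog, "wc")` and `unveil(OptionsItem.pidfile, "wc")` test truthiness while the other calls use `== -1`, and `err(1, "unveil")` would be more useful as `err(1, "unveil %s", path)`. Finally, `pledge("stdio inet dns exec", NULL)` drops cpath and wpath, so if the rest of main.c (which continues past this hunk) ever unlinks the pidfile or reopens the log/scanlog on a signal, that call becomes a pledge violation and kills the daemon; exercising a restart and a clean shutdown under this promise set would catch it.
```c
snprintf(LOGFILE, lenl, "%s/%s.%s", LOGDIR, CONFNAME, LOGEXT);

/* Unveil the two paths known before daemonizing, while stderr is still attached. */
if (unveil(CONFFILE, "r") == -1)
  err(1, "unveil %s", CONFFILE);
if (unveil(LOGFILE, "wc") == -1)
  err(1, "unveil %s", LOGFILE);

/* … unchanged: fork, fd redirection, log_open(), config_load() … */

if (OptionsItem.scanlog) {
  if (unveil(OptionsItem.scanlog, "wc") == -1) {
    log_printf("MAIN -> unveil %s: %s", OptionsItem.scanlog, strerror(errno));
    exit(EXIT_FAILURE);
  }
  scanlog_open(OptionsItem.scanlog);
}
```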