On Mon, Aug 19, 2024 at 03:24:03PM GMT, Chaz Kettleson wrote: > On Mon, Aug 19, 2024 at 03:48:20PM GMT, Omar Polo wrote: > > On 2024/08/17 16:28:35 +0100, Stuart Henderson <s...@spacehopper.org> wrote: > > > ok > > > > Imported > > > > Thank you, > > > > Omar Polo > > > > Thanks everyone! Great feedback. > > Below are patches for pledge/unveil for feedback/discussion. > > Here is the approach that was taken: > > - Start with minimal set of promises that did not crash and from review > stdio > rpath - hopm config file, firedns config > wpath - pid file, log file, scanlog file > cpath - pid file, log file, scanlog file > inet > dns > proc - fork (maybe we can remove fork and rc_bg?) > exec - execv on restart > unveil > - Initially unveil nothing > - Remove unneeded chdir (locations are no longer relative) > - Unveil only what is needed if it's needed before main loop > LOGFILE, wc > CONFFILE, r > SCANLOG, wc (only if the option is enabled) > HOPM_BINPATH, x (for execv on restart) > - Reduce promises before main loop > stdio > inet > dns > exec > > -- > Chaz >
> diff --git a/net/hopm/patches/patch-src_firedns_c > b/net/hopm/patches/patch-src_firedns_c
> new file mode 100644
> index 00000000000..10bc8d9af12
> --- /dev/null
> +++ b/net/hopm/patches/patch-src_firedns_c
> @@ -0,0 +1,21 @@
> +Index: firedns.c
> +--- src/firedns.c.orig
> ++++ src/firedns.c
> +@@ -36,6 +36,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA > 02111-1307 USA
> + #include <stdio.h>
> + #include <errno.h>
> + #include <fcntl.h>
> ++#include <err.h>
> +
> + #include "compat.h"
> + #include "memory.h"
> +@@ -171,6 +172,10 @@ firedns_init(void)
> + memset(servers4, 0, sizeof(servers4));
> + memset(servers6, 0, sizeof(servers6));
> +
> ++ if (unveil(FDNS_CONFIG_PREF, "r") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++
> + /* read etc/firedns.conf if we've got it, otherwise parse > /etc/resolv.conf */
> + f = fopen(FDNS_CONFIG_PREF, "r");
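Review bot: Only FDNS_CONFIG_PREF is unveiled, yet the context comment right below the new call says the code falls back to parsing /etc/resolv.conf when that file is missing; once unveil is active a path that was never unveiled fails with ENOENT, so the fallback would behave as if resolv.conf did not exist either. If that fallback is still reachable, add `if (unveil("/etc/resolv.conf", "r") == -1) err(1, "unveil");` beside the existing call, or drop the unveil here and let main() unveil both paths with the other config files. This also presumes firedns_init() runs before main() re-pledges to "stdio inet dns exec", since that second pledge drops the unveil promise and a later unveil(2) call would then be a pledge violation rather than a -1 return — worth confirming from the call site. firedns_init's body continues outside the hunk.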
> diff --git a/net/hopm/patches/patch-src_main_c > b/net/hopm/patches/patch-src_main_c
> new file mode 100644
> index 00000000000..f0dcdc986d3
> --- /dev/null
> +++ b/net/hopm/patches/patch-src_main_c
> @@ -0,0 +1,86 @@
> +Index: main.c
> +--- src/main.c.orig
> ++++ src/main.c
> +@@ -30,6 +30,7 @@
> + #include <fcntl.h>
> + #include <stdlib.h>
> + #include <string.h>
> ++#include <err.h>
> +
> + #include "config.h"
> + #include "irc.h"
> +@@ -100,6 +101,14 @@ main(int argc, char *argv[])
> + FILE *pidout;
> + struct rlimit rlim;
> +
> ++ if (pledge("stdio rpath wpath cpath inet dns proc exec unveil", NULL) == > -1) {
> ++ err(1, "pledge");
> ++ }
> ++
> ++ if (unveil("/", "")) {
> ++ err(1, "unveil");
> ++ }
> ++
> + setup_corelimit();
> +
> + while (1)
> +@@ -130,12 +139,6 @@ main(int argc, char *argv[])
> + snprintf(CONFFILE, lenc, "%s/%s.%s", CONFDIR, CONFNAME, CONFEXT);
> + snprintf(LOGFILE, lenl, "%s/%s.%s", LOGDIR, CONFNAME, LOGEXT);
> +
> +- if (chdir(HOPM_PREFIX))
> +- {
> +- perror("chdir");
> +- exit(EXIT_FAILURE);
> +- }
> +-
> + /* Fork off. */
> + if (OPT_DEBUG == 0)
> + {
> +@@ -172,6 +175,10 @@ main(int argc, char *argv[])
> + if (fd > STDERR_FILENO)
> + close(fd);
> +
> ++ if (unveil(LOGFILE, "wc") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++
> + log_open(LOGFILE);
> + }
> + else
> +@@ -180,13 +187,34 @@ main(int argc, char *argv[])
> + log_printf("MAIN -> HOPM %s started.", VERSION);
> + log_printf("MAIN -> Reading configuration file...");
> +
> ++ if (unveil(CONFFILE, "r") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++
> + config_load(CONFFILE);
> +
> +- if (OptionsItem.scanlog)
> ++ if (OptionsItem.scanlog) {
> ++ if (unveil(OptionsItem.scanlog, "wc")) {
> ++ err(1, "unveil");
> ++ }
> ++
> + scanlog_open(OptionsItem.scanlog);
> ++ }
> ++
> ++ if (unveil(OptionsItem.pidfile, "wc")) {
> ++ err(1, "unveil");
> ++ }
> +
> + pidout = fopen(OptionsItem.pidfile, "w");
> +
> ++ if (unveil(HOPM_BINPATH, "x") == -1) {
> ++ err(1, "unveil");
> ++ }
> ++
> ++ if (pledge("stdio inet dns exec", NULL) == -1) {
> ++ err(1, "pledge");
> ++ }
> ++
> + if (pidout)
> + {
> + fprintf(pidout, "%u\n", (unsigned int)getpid());
>
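Review bot: The unveil(2) return checks are inconsistent across this hunk: `unveil("/", "")`, `unveil(OptionsItem.scanlog, "wc")` and `unveil(OptionsItem.pidfile, "wc")` are tested as bare truthy values while every other call compares `== -1`; the two forms behave the same, but the mix reads as if some calls were meant to be tolerated, so write all of them as `if (unveil(path, perms) == -1) err(1, "unveil");`. The LOGFILE unveil sits only inside the `OPT_DEBUG == 0` branch; if the `else` branch (outside the hunk) also opens LOGFILE, that open now fails with ENOENT, so it is worth confirming what the debug path does with the log. The pidfile unveil runs unconditionally where the scanlog one is guarded; if `OptionsItem.pidfile` can be unset in the config, give it the same guard. After the second pledge drops rpath/wpath/cpath, any later code that reopens the config, log or scanlog files (a rehash or log-reopen handler, if one exists) would be a pledge violation, whereas the restart-by-execv path is covered by the `exec` promise and the HOPM_BINPATH unveil. main's body continues outside the hunk.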
ping -- Chaz