On Sat, Dec 28, 2024 at 03:54:34PM +0000, Stuart Henderson wrote:
> On 2024/12/28 09:51, Chaz Kettleson wrote:
> > I've been running this for a while and continued to do testing without
> > issues. Can we get this committed? Or is someone willing to take a look.
>
> I'm not a fan of building up the promises string dynamically. The
> approach I've normally seen used would be to pledge with the maximal
> promises set first, then call pledge again with a smaller set to revoke
> the unneeded ones as they're determined. That uses static strings so
> doesn't require that they're in writable memory.
Thank you. I've updated and referenced the net/iperf3 in cooking this
diff.
>
> I don't run an IRC server and it's not clear how to test without that.
> I see the port's rc script permits reload (no rc_reload=NO) - how does
> this hold up to reloading with different config (i.e. changing from
> config which doesn't need file access, to config which does)?
>
SIGHUP sets RESTART=1 which will just execv HOPM_BINPATH. This is why I
carry the exec promise and only unveil the HOPM_BINPATH as part of the
base set of promises.
--
V/r,
Chaz
diff --git a/patch-src_main_c b/patch-src_main_c
new file mode 100644
index 00000000000..c76235abed6
--- /dev/null
+++ b/patch-src_main_c
@@ -0,0 +1,102 @@
+add pledge/unveil
+
+Index: src/main.c
+--- src/main.c.orig
++++ src/main.c
+@@ -30,6 +30,9 @@
+ #include <fcntl.h>
+ #include <stdlib.h>
+ #include <string.h>
++#if defined(__OpenBSD__)
++#include <err.h>
++#endif
+
+ #include "config.h"
+ #include "irc.h"
+@@ -39,6 +42,9 @@
+ #include "options.h"
+ #include "memory.h"
+ #include "main.h"
++#if defined(__OpenBSD__)
++#include "match.h"
++#endif
+
+
+ static int RESTART; /* Flagged to restart on next cycle */
+@@ -70,6 +76,65 @@ setup_corelimit(void)
+ }
+ }
+
++#if defined(__OpenBSD__)
++static void
++setup_pledge(void) {
++ int needr = 0;
++ int needp = 0;
++
++ if (unveil(HOPM_BINPATH, "x") == -1) {
++ err(1, "unveil");
++ }
++
++ if (IRCItem.tls) {
++ if (unveil("/etc/ssl/cert.pem", "r") == -1) {
++ err(1, "unveil");
++ }
++
++ if (!EmptyString(IRCItem.rsa_private_key_file) &&
++ !EmptyString(IRCItem.tls_certificate_file)) {
++ if (unveil("IRCItem.rsa_private_key", "r") == -1) {
++ err(1, "unveil");
++ }
++
++ if (unveil("IRCItem.tls_certificate_file", "r") == -1) {
++ err(1, "unveil");
++ }
++ }
++
++ needr = 1;
++ }
++
++ if (!EmptyString(OpmItem.dnsbl_to) &&
++ !EmptyString(OpmItem.dnsbl_from) &&
++ !EmptyString(OpmItem.sendmail)) {
++ if (unveil("/bin/sh", "x") == -1) {
++ err(1, "unveil");
++ }
++
++ needp = 1;
++ }
++
++ if (needr && needp) {
++ if (pledge("stdio rpath inet dns proc exec", NULL) == -1) {
++ err(1, "pledge");
++ }
++ } else if (needr) {
++ if (pledge("stdio rpath inet dns exec", NULL) == -1) {
++ err(1, "pledge");
++ }
++ } else if (needp) {
++ if (pledge("stdio inet dns proc exec", NULL) == -1) {
++ err(1, "pledge");
++ }
++ } else {
++ if (pledge("stdio inet dns exec", NULL) == -1) {
++ err(1, "pledge");
++ }
++ }
++}
++#endif
++
+ static void
+ do_signal(int signum)
+ {
+@@ -199,6 +264,10 @@ main(int argc, char *argv[])
+ exit(EXIT_FAILURE);
+ }
+
++#if defined(__OpenBSD__)
++ setup_pledge();
++#endif
++
+ /* Setup alarm & int handlers. */
+ ALARMACTION.sa_handler = &do_signal;
+ ALARMACTION.sa_flags = SA_RESTART;
