Re: Adding pledge() to www/lynx

Mon, 29 Feb 2016 23:42:53 -0800 

On Thu, Feb 04, 2016 at 12:53:56PM +0100, Theo Buehler wrote:
> > If you can just add comments to patches explaining why you do the
> > getenv(HOME) dance to avoid getpw in pledge for the next guy that
> > stumbles upon it..
> 
> Since that's my hack, I added a short explanation to the patch itself.
> I also added a comment to the Makefile to explain the -DNOUSERS option.
> 
> ok?
> 

Here's a new version of the patch. The only change is in the Makefile
due to the recent update of MASTER_SITES.

ok?

Index: Makefile
===================================================================
RCS file: /var/cvs/ports/www/lynx/Makefile,v
retrieving revision 1.23
diff -u -p -r1.23 Makefile
--- Makefile    27 Feb 2016 22:46:10 -0000      1.23
+++ Makefile    1 Mar 2016 07:08:54 -0000
@@ -5,7 +5,7 @@ PL =            8
 COMMENT =      text web browser
 DISTNAME =     lynx${V}dev.${PL}
 PKGNAME =      lynx-${V}pl${PL}
-REVISION =     1
+REVISION =     2
 EXTRACT_SUFX = .tar.bz2
 CATEGORIES =   www net
 
@@ -16,6 +16,7 @@ MAINTAINER =  Frederic Cambus <fred@statd
 # GPLv2 only
 PERMIT_PACKAGE_CDROM = Yes
 
+# uses pledge()
 WANTLIB += c crypto ncurses ssl z
 
 MASTER_SITES = http://lynx.invisible-island.net/current/ \
@@ -26,11 +27,17 @@ CONFIGURE_STYLE =   gnu
 CONFIGURE_ARGS =       --datarootdir="${PREFIX}/share/doc/lynx" \
                        --disable-idna \
                        --disable-nls \
+                       --disable-bibp-urls \
+                       --disable-dired \
+                       --disable-finger \
                        --enable-default-colors \
                        --enable-ipv6 \
                        --enable-widec \
                        --with-ssl=/usr \
                        --with-zlib
+
+# This disables most calls to getpw*(3) so we can avoid pledge "getpw".
+CONFIGURE_ENV =        CFLAGS="-DNOUSERS"
 
 MAKE_FILE =    makefile
 
Index: patches/patch-lynx_man
===================================================================
RCS file: patches/patch-lynx_man
diff -N patches/patch-lynx_man
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-lynx_man      4 Feb 2016 11:37:34 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+--- lynx.man.orig      Thu Oct  8 02:19:45 2015
++++ lynx.man   Thu Feb  4 12:37:28 2016
+@@ -593,6 +593,21 @@ flushes the cache on a proxy server
+ allows a list of services to be disabled selectively.
+ Dashes and underscores in option names can be intermixed.
+ The following list is printed if no options are specified.
++.IP
++On OpenBSD the following restrictions are always enabled:
++\fBexec\fR,
++\fBmail\fR,
++and
++\fBshell\fR.
++Additionally,
++\fBbibp-urls\fR,
++\fBdired\fR,
++\fBfinger\fR,
++\fBrlogin\fR,
++and
++\fBtelnet \fR
++features have been disabled entirely.
++.IP
+ .RS
+ .TP 3
+ .B all
Index: patches/patch-src_LYMain_c
===================================================================
RCS file: patches/patch-src_LYMain_c
diff -N patches/patch-src_LYMain_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_LYMain_c  4 Feb 2016 11:35:38 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+--- src/LYMain.c.orig  Fri Dec 18 01:34:45 2015
++++ src/LYMain.c       Wed Feb  3 19:50:41 2016
+@@ -2142,6 +2142,21 @@ int main(int argc,
+     }
+ 
+     /*
++     * Disabling features requiring 'proc' + 'exec' and calling pledge
++     */
++    no_exec = TRUE;
++    no_mail = TRUE;
++    no_shell = TRUE;
++
++    rlogin_ok = FALSE;
++    telnet_ok = FALSE;
++
++    if (pledge("stdio rpath wpath cpath fattr dns inet tty", NULL) == -1) {
++      fprintf(stderr, "%s: pledge: %s\n", getprogname(), strerror(errno));
++      exit_immediately(EXIT_FAILURE);
++    }
++
++    /*
+      * Here's where we do all the work.
+      */
+     if (dump_output_immediately) {
Index: patches/patch-src_LYUtils_c
===================================================================
RCS file: patches/patch-src_LYUtils_c
diff -N patches/patch-src_LYUtils_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_LYUtils_c 4 Feb 2016 11:52:22 -0000
@@ -0,0 +1,24 @@
+$OpenBSD$
+
+Use getenv("HOME") to determine the home directory instead of using getpwuid in
+order to avoid a "getpw" promise.  This is the only location not covered by the
+'-DNOUSERS' option in the Makefile.  If HOME is unset, the fallback is /tmp, so
+no breakage is to be expected from this.
+
+--- src/LYUtils.c.orig Sun Mar 22 16:38:23 2015
++++ src/LYUtils.c      Sun Jan 31 07:49:03 2016
+@@ -5253,10 +5253,11 @@ const char *Home_Dir(void)
+           /*
+            * One could use getlogin() and getpwnam() here instead.
+            */
+-          struct passwd *pw = getpwuid(geteuid());
++          char *home;
+ 
+-          if (pw && pw->pw_dir) {
+-              StrAllocCopy(HomeDir, pw->pw_dir);
++          home = getenv("HOME");
++          if (home && *home) {
++              StrAllocCopy(HomeDir, home);
+           } else
+ #endif
+           {

Reply via email to