I am extremely cynical about 1-liner pledge diffs to large pieces of
software.
More often than not, the diffs are wrong and someone suffers for it
when their program is killed.
Pray tell, when you pledge like this, what is the security model?
Markus Hennecke <markus-henne...@markus-hennecke.de> wrote:
> ping
>
> On Sun, 14 Jul 2019, Markus Hennecke wrote:
>
> > When using an external program to provide the jabber password we need to
> > allow proc and exec the same way like we do when using an external program
> > for event handling. Tested with a gpg encrypted password file.
> >
> > Ok?
> >
> >
> >
> > Index: patches/patch-mcabber_main_c
> > ===================================================================
> > RCS file: /cvs/ports/net/mcabber/patches/patch-mcabber_main_c,v
> > retrieving revision 1.2
> > diff -u -p -r1.2 patch-mcabber_main_c
> > --- patches/patch-mcabber_main_c 26 May 2017 10:34:53 -0000 1.2
> > +++ patches/patch-mcabber_main_c 1 Feb 2019 18:02:56 -0000
> > @@ -6,7 +6,7 @@ Index: mcabber/main.c
> > if (ret == -2)
> > exit(EXIT_FAILURE);
> >
> > -+ if (settings_opt_get("events_command")) {
> > ++ if (settings_opt_get("events_command") ||
> > settings_opt_get("password_eval")) {
> > + if (pledge("stdio rpath wpath cpath fattr inet dns tty proc exec",
> > NULL) ==
> > + -1) {
> > + fprintf(stderr, "Cannot pledge: %s\n", strerror(errno));
> >
>
