On Sun, 27 Oct 2019 at 17:18:03 +0100, Klemens Nanni wrote:
> 10377 thunderbird CALL pledge(0xc5e1686e484,0)
> 10377 thunderbird STRU promise=""
> 10377 thunderbird RET pledge 0
> 10377 thunderbird CALL clock_gettime(CLOCK_MONOTONIC,0x7f7fffff96d8)
> 10377 thunderbird PLDG clock_gettime, "stdio", errno 1 Operation not
> permitted
> 10377 thunderbird PSIG SIGABRT SIG_DFL
> ...
>
> Thunderbird's WRKSRC only contains one pledge(2) call:
>
> dom/ipc/ContentChild.cpp
> 3948: if (pledge(promisesString.get(), NULL) == -1) {

That's the code from Firefox that is supposed to read the pledge promises from the security.sandbox.pledge.main preference, but that's only enabled if built with MOZ_SANDBOX. That define is only supposed to get set when the --enable-sandbox flag is passed to the configure script, as the www/mozilla-firefox port does:

    CONFIGURE_ARGS += --enable-sandbox

Mozilla broke that in version 69, so even though --enable-sandbox was passed, sandboxing wasn't enabled on OpenBSD:

https://bugzilla.mozilla.org/show_bug.cgi?id=1579323

Apparently the way that got fixed forces it to be enabled by default now without --enable-sandbox being passed, and Thunderbird uses that same code. So now sandboxing is enabled on Thunderbird but there are no pledge strings defined in the default preferences.

So I think the fix is to now pass --disable-sandbox in mail/mozilla-thunderbird/Makefile.

As a workaround, you can add this to /usr/local/lib/thunderbird/defaults/pref/all-openbsd.js:

    pref("security.sandbox.pledge.main", "junk");

That will cause pledge() to fail rather than continuing with an empty list of pledge promises.
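
Added example, not part of the original message and not OpenBSD or Mozilla code: a small awk filter in a shell function that reads kdump text like the trace quoted above and reports each PLDG violation next to the promise string that pid last passed to pledge(2), flagging an empty list. The pid 10377 sample lines are the quoted trace with the wrapped line rejoined; the pid 20001 lines and the function name are constructed for illustration.

```shell
#!/bin/sh
# Sample input. pid 10377: the trace quoted in the message (wrapped line
# rejoined). pid 20001: constructed lines showing a non-empty promise list.
SAMPLE=' 10377 thunderbird CALL  pledge(0xc5e1686e484,0)
 10377 thunderbird STRU  promise=""
 10377 thunderbird RET   pledge 0
 10377 thunderbird CALL  clock_gettime(CLOCK_MONOTONIC,0x7f7fffff96d8)
 10377 thunderbird PLDG  clock_gettime, "stdio", errno 1 Operation not permitted
 10377 thunderbird PSIG  SIGABRT SIG_DFL
 20001 example     STRU  promise="stdio rpath"
 20001 example     PLDG  socket, "inet", errno 1 Operation not permitted'

# pledge_violations: read kdump text on stdin, print one line per PLDG record.
pledge_violations() {
    awk '
    # Remember the last promise string each pid handed to pledge(2).
    $3 == "STRU" && $4 ~ /^promise=/ {
        p = $0
        sub(/^.*promise=/, "", p)   # keep the quotes, value may contain spaces
        promises[$1] = p
    }
    # A PLDG record names the denied syscall and the promise it would need.
    $3 == "PLDG" {
        sc = $4;   sub(/,$/, "", sc)
        need = $5; sub(/,$/, "", need)
        have = ($1 in promises) ? promises[$1] : "(not traced)"
        empty = (have == "\"\"") ? "yes" : "no"
        printf "pid=%s cmd=%s syscall=%s needs=%s pledged=%s empty=%s\n", $1, $2, sc, need, have, empty
    }'
}

printf '%s\n' "$SAMPLE" | pledge_violations
```

A result with empty=yes matches the failure described in this message: pledge(2) succeeded with no promises, so the next system call was denied and the process aborted.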