> Il giorno 22 mar 2020, alle ore 09:12, Sebastien Marie <sema...@online.fr> ha
> scritto:
>
>> On Sat, Mar 21, 2020 at 06:49:42PM +0100, Andrea Biscuola wrote:
>>
>> I tried to see how to solve the situation without disabling pledge. I
>> modified the
>> kernel to include shmget(2), shmat(2), shmctl(2) and shmdt(2) in the stdio
>> set
>> and now, screen sharing works.
>
> Well. So in order to permit firefox to use such syscalls, you also allowed
> mostly any program using pledge(2) to use them too ?
>
> Do you think sshd(8) sandbox needs them ? or doas(1) ? or su(1)
> Allowing new syscalls in an existing promise could be a hard exercice as it
> require to considere all the programs already using this promise and see
> implication.
>
I was thinking the same, and I already sent the message when this came to mind.
Also, looking back, I understood the shm functions are accepted and implemented
reluctantly in OpenBSD, that's why, probably, they are not allowed at all under
pledge(2).
Sorry for the noise.
> I would advice you to follow landry@ advice to disable pledge(2) for firefox.
> It
> is could be less dangerous than extending "stdio" and increasing the attack
> surface of all pledged programs.
Will do
> Thanks.
> --
> Sebastien Marie
>
Thank you!
Andrea
