Tuesday, January 01, 2019

pledge/unveil: net/gophernicus

Hey,

Having been interested in learning about pledge and unveil, I decided to
try and tighten up net/gophernicus (just in time for the hipster
resurgence of gopher you've all been waiting for :P ).

It turned out to be harder than expected, due to some of the features
and design decisions made upstream (shared memory, arbitrary popens,
personal "gopherspaces"), but I think I have something workable.

In short, it depends what features you have enabled as to how far we can
tighten up security. The new section in the README should serve as an
overview.

This work is loosely based on:
https://cryogenix.net/gophernicus.html

(But note that I'm not addressing TLS support here)

Posting for comments before I propose this to upstream. I'd rather not
have to maintain this as local patches.

Happy new year porters!


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/gophernicus/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- Makefile 4 Sep 2018 12:46:17 -0000 1.17
+++ Makefile 31 Dec 2018 19:30:19 -0000
@@ -3,7 +3,7 @@
COMMENT= modern gopher server
DISTNAME= gophernicus-2.5
CATEGORIES= net
-REVISION= 0
+REVISION= 1

HOMEPAGE= gopher://gophernicus.org/
MAINTAINER = Brian Callahan <bcallah@openbsd.org>
Index: patches/patch-README
===================================================================
RCS file: patches/patch-README
diff -N patches/patch-README
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-README 1 Jan 2019 16:01:17 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Pledge and unveil. Based upon:
+https://github.com/0x16h/gophernicus/commit/1f61d46a5ebb061d5862a6a61e296b473c169ec6
+
+Index: README
+--- README.orig
++++ README
+@@ -43,6 +43,8 @@ Command line options:
+ -nm Disable shared memory use (for debugging)
+ -nr Disable root user checking (for debugging)
+ -np Disable HAproxy proxy protocol
++ -ne Disable executable gophermaps
++ -nu Disable personal gopherspaces
+
+ -d Debug to syslog (not for production use)
+ -v Display version number and build date
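
Review bot: this README patch only adds the -ne and -nu lines to the option list, while the cover text refers to a new README section that gives an overview of how the enabled features limit the tightening. That section is not in these 17 lines. Either include it in patch-README or describe next to the two options what disabling each one allows pledge/unveil to restrict.
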
Index: patches/patch-gophernicus_c
===================================================================
RCS file: patches/patch-gophernicus_c
diff -N patches/patch-gophernicus_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-gophernicus_c 1 Jan 2019 15:58:47 -0000
@@ -0,0 +1,174 @@
+$OpenBSD$
+
+Pledge and unveil. Based upon:
+https://github.com/0x16h/gophernicus/commit/1f61d46a5ebb061d5862a6a61e296b473c169ec6
+
+Index: gophernicus.c
+--- gophernicus.c.orig
++++ gophernicus.c
+@@ -25,7 +25,6 @@
+
+ #include "gophernicus.h"
+
+-
+ /*
+ * Print gopher menu line
+ */
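
Review bot: the only change in this first gophernicus.c hunk is the removal of a blank line before the "Print gopher menu line" comment. Since the goal is to send this upstream, drop the whitespace-only hunk so the diff carries just the pledge/unveil-related changes.
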
+@@ -219,7 +218,8 @@ void selector_to_path(state *st)
+
+ #ifdef HAVE_PASSWD
+ /* Virtual userdir (~user -> /home/user/public_gopher)? */
+- if (*(st->user_dir) && sstrncmp(st->req_selector, "/~") == MATCH) {
++ if (st->opt_personal_spaces && *(st->user_dir) &&
++ sstrncmp(st->req_selector, "/~") == MATCH) {
+
+ /* Parse userdir login name & path */;
+ sstrlcpy(buf, st->req_selector + 2);
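
Review bot: in selector_to_path(), when st->opt_personal_spaces is false a "/~user" selector now skips this block and continues into the ordinary path handling that follows. Please confirm that the fall-through treats such a selector as a plain path under the server root, and add a short comment on the new condition stating that -nu is what clears it.
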
+@@ -453,6 +453,8 @@ void init_state(state *st)
+ st->opt_shm = TRUE;
+ st->opt_root = TRUE;
+ st->opt_proxy = TRUE;
++ st->opt_execmaps = TRUE;
++ st->opt_personal_spaces = TRUE;
+ st->debug = FALSE;
+
+ /* Load default suffix -> filetype mappings */
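
Review bot: in init_state(), both st->opt_execmaps and st->opt_personal_spaces default to TRUE, so a server started without -ne or -nu keeps both features enabled and gets only the looser restrictions. That keeps existing behaviour, but it should be stated explicitly where the options are documented so that administrators know they must pass the flags to get the tighter setup.
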
+@@ -488,6 +490,9 @@ int main(int argc, char *argv[])
+ char local[BUFSIZE];
+ int dummy;
+
