Tuesday, January 01, 2019

Re: pledge/unveil: net/gophernicus

Hey,

On Tue, Jan 01, 2019 at 12:30:04PM -0700, Theo de Raadt wrote:
> In particular, specific pledges open up various system files, so those
> do not need to be opened via unveil.

Gah, you're right!

There's no need to unveil /etc/resolv.conf or /etc/pwd.db.

> The lack of pledge "dns" but opening of resolv.conf shows a further
> misunderstanding, and also a lack of testing.

It turns out DNS is not required at all! So that's why it was working
when I was testing.

I also realised that none of 'tmppath', 'wpath' or 'cpath' pledges are
required either.

This brings us to the diff below. Anything else fishy?

(Does anyone on-list host a real gopher site that they could test with?)

Cheers!


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/gophernicus/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- Makefile 4 Sep 2018 12:46:17 -0000 1.17
+++ Makefile 31 Dec 2018 19:30:19 -0000
@@ -3,7 +3,7 @@
COMMENT= modern gopher server
DISTNAME= gophernicus-2.5
CATEGORIES= net
-REVISION= 0
+REVISION= 1

HOMEPAGE= gopher://gophernicus.org/
MAINTAINER = Brian Callahan <bcallah@openbsd.org>
Index: patches/patch-README
===================================================================
RCS file: patches/patch-README
diff -N patches/patch-README
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-README 1 Jan 2019 16:01:17 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+Pledge and unveil. Based upon:
+https://github.com/0x16h/gophernicus/commit/1f61d46a5ebb061d5862a6a61e296b473c169ec6
+
+Index: README
+--- README.orig
++++ README
+@@ -43,6 +43,8 @@ Command line options:
+ -nm Disable shared memory use (for debugging)
+ -nr Disable root user checking (for debugging)
+ -np Disable HAproxy proxy protocol
++ -ne Disable executable gophermaps
++ -nu Disable personal gopherspaces
+
+ -d Debug to syslog (not for production use)
+ -v Display version number and build date
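Review bot: The two new README option lines, -ne and -nu, say what is disabled but not why a patch headed "Pledge and unveil" introduces them. If passing these flags changes which pledge promises or unveiled paths the server keeps, add a sentence below the option list saying so, so that an administrator knows they narrow the sandbox and are not just feature toggles.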
Index: patches/patch-gophernicus_c
===================================================================
RCS file: patches/patch-gophernicus_c
diff -N patches/patch-gophernicus_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-gophernicus_c 1 Jan 2019 21:26:28 -0000
@@ -0,0 +1,155 @@
+$OpenBSD$
+
+Pledge and unveil. Based upon:
+https://github.com/0x16h/gophernicus/commit/1f61d46a5ebb061d5862a6a61e296b473c169ec6
+
+Index: gophernicus.c
+--- gophernicus.c.orig
++++ gophernicus.c
+@@ -219,7 +219,8 @@ void selector_to_path(state *st)
+
+ #ifdef HAVE_PASSWD
+ /* Virtual userdir (~user -> /home/user/public_gopher)? */
+- if (*(st->user_dir) && sstrncmp(st->req_selector, "/~") == MATCH) {
++ if (st->opt_personal_spaces && *(st->user_dir) &&
++ sstrncmp(st->req_selector, "/~") == MATCH) {
+
+ /* Parse userdir login name & path */;
+ sstrlcpy(buf, st->req_selector + 2);
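Review bot: With the added st->opt_personal_spaces test in selector_to_path(), a "/~user" selector no longer enters the userdir branch when -nu is given. It is then handled by whatever code follows as an ordinary selector. Please confirm that this fall-through is the intended result rather than an explicit error reply, and say so in a comment next to the condition.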
+@@ -453,6 +454,8 @@ void init_state(state *st)
+ st->opt_shm = TRUE;
+ st->opt_root = TRUE;
+ st->opt_proxy = TRUE;
++ st->opt_execmaps = TRUE;
++ st->opt_personal_spaces = TRUE;
+ st->debug = FALSE;
+
+ /* Load default suffix -> filetype mappings */
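Review bot: In init_state(), opt_execmaps and opt_personal_spaces both default to TRUE, so nothing is restricted unless -ne or -nu is passed. That default should be stated where the options are documented. Both are new members of state, so the diff also needs a patch adding their declarations, which is not visible in this part.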
+@@ -488,6 +491,9 @@ int main(int argc, char *argv[])
+ char local[BUFSIZE];
+ int dummy;
+
