Wednesday, October 02, 2019

Re: firefox: unveil and pledge enhancements [8]

On Wed, Sep 25, 2019 at 11:25:59AM -0500, joshua stein wrote:
> This patchset goes back to files in /etc/firefox for unveil file
> lists, and goes further and moves the pledge strings to separate
> files too. This should be the most secure version that is still
> tweakable at runtime.
>
> I switched away from using Firefox's NS_LOCAL_FILE_CONTRACTID/
> NS_LOCALFILEINPUTSTREAM_CONTRACTID mechanisms to read a file, since
> they require a lot of internal setup to be done before they can be
> used (which is otherwise a good thing, because other things later in
> Firefox shouldn't have raw file access). Instead of those, I'm
> using the normal C++ API for reading the /etc/firefox files and this
> way I have been able to move the pledge/unveil calls earlier in the
> process startup. Unfortunately this also means that I can't
> dynamically detect the localized ~/Downloads directory, so if you
> use a different directory, you'll just need to modify the
> unveil.content and unveil.main files to change it.
>
> I tried the $TMPDIR shenanigans with the main process mkdtemp'ing
> somewhere in $TMPDIR (or /tmp), and then exporting TMPDIR as that
> directory so that everything else within Firefox uses that
> subdirectory as its temp directory, allowing /tmp to be removed from
> the unveil lists and only that subdirectory visible. Unfortunately
> the first thing to break was our own shm_open() which hard-codes
> /tmp and doesn't honor $TMPDIR. So that all was ripped out and
> we're back to full access to /tmp.
>
> If the mailing list mangles this again, it's at
> https://jcs.org/patches/firefox-port-unveil8.diff
>
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/www/mozilla-firefox/Makefile,v
> retrieving revision 1.395
> diff -u -p -u -p -r1.395 Makefile
> --- Makefile 22 Sep 2019 17:19:06 -0000 1.395
> +++ Makefile 25 Sep 2019 16:23:36 -0000
> @@ -10,6 +10,8 @@ MOZILLA_BRANCH = release
> MOZILLA_PROJECT = firefox
> MOZILLA_CODENAME = browser
>
> +REVISION= 0
> +
> WRKDIST = ${WRKDIR}/${MOZILLA_DIST}-${MOZILLA_DIST_VERSION:C/b[0-9]*//}
> HOMEPAGE = https://www.mozilla.org/firefox/
> SO_VERSION = 84.0
> @@ -93,5 +95,10 @@ post-install:
>
> # link default48.png to default.png to be used by default by non-icccm compliant wm
> ln ${PREFIX}/lib/${MOZILLA_PROJECT}/browser/chrome/icons/default/default{48,}.png
> +
> + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/${MOZILLA_PROJECT}
> +.for f in unveil.content unveil.gpu unveil.main pledge.content pledge.gpu pledge.main
> + ${INSTALL_DATA} ${FILESDIR}/${f} ${PREFIX}/share/examples/${MOZILLA_PROJECT}/
> +.endfor
>
> .include <bsd.port.mk>
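Review bot: the new .for loop installs the six lists only under ${PREFIX}/share/examples/${MOZILLA_PROJECT}, while the cover text says the browser reads them from /etc/firefox; that only works if the PLIST gains matching @sample entries so the files are copied to ${SYSCONFDIR}/firefox on install and removed on deinstall (the PLIST change is not visible in this copy). A short comment here saying which copy the browser actually reads would spare the next person the guesswork, and the reader on the browser side should fail closed (refuse to start, or fall back to a fixed restrictive set) when one of the files is missing rather than run without pledge/unveil. The loop also hard-codes the six names, so a later process type needs both this line and the PLIST touched.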
> Index: files/all-openbsd.js
> ===================================================================
> RCS file: /cvs/ports/www/mozilla-firefox/files/all-openbsd.js,v
> retrieving revision 1.10
> diff -u -p -u -p -r1.10 all-openbsd.js
> --- files/all-openbsd.js 9 Sep 2019 18:50:35 -0000 1.10
> +++ files/all-openbsd.js 25 Sep 2019 16:23:36 -0000
> @@ -5,10 +5,6 @@ pref("app.normandy.enabled",false);
> pref("browser.safebrowsing.enabled", false);
> pref("browser.safebrowsing.malware.enabled", false);
> pref("spellchecker.dictionary_path", "${LOCALBASE}/share/mozilla-dicts/");
> -// enable pledging the content process
> -pref("security.sandbox.content.level", 1);
> -pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast video");
> -pref("security.sandbox.pledge.content","stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps");
> pref("extensions.pocket.enabled", false);
> pref("browser.newtabpage.enabled", false);
> pref("browser.startup.homepage", "about:blank");
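Review bot: dropping pref("security.sandbox.content.level", 1) together with the two pledge strings changes more than where the strings live, since that pref is what enabled the content-process sandbox. If the file-based pledge is now applied unconditionally this is fine but deserves a sentence in the commit message; if the code still consults security.sandbox.content.level, a user could switch the content pledge off from about:config by setting it to 0. A one-line comment here pointing at ${SYSCONFDIR}/firefox would also help people who grep all-openbsd.js for the old strings.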
> Index: files/pledge.content
> ===================================================================
> RCS file: files/pledge.content
> diff -N files/pledge.content
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/pledge.content 25 Sep 2019 16:23:36 -0000
> @@ -0,0 +1,10 @@
> +stdio
> +rpath
> +wpath
> +cpath
> +recvfd
> +sendfd
> +prot_exec
> +unix
> +drm
> +ps
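Review bot: compared with the security.sandbox.pledge.content string removed from all-openbsd.js, pledge.content drops "inet", so the content process loses direct socket access and must go through the parent for networking. That is a real tightening rather than a move and should be stated in the commit message (with a page load tested) so nobody reads it as a typo. Provided the reader accepts '#' comments in the pledge lists as it evidently does in unveil.main, a header line naming the format (one promise per line) would help the people expected to tweak these files at runtime.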
> Index: files/pledge.gpu
> ===================================================================
> RCS file: files/pledge.gpu
> diff -N files/pledge.gpu
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/pledge.gpu 25 Sep 2019 16:23:36 -0000
> @@ -0,0 +1,11 @@
> +stdio
> +rpath
> +wpath
> +cpath
> +ps
> +sendfd
> +recvfd
> +drm
> +dns
> +unix
> +prot_exec
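Review bot: "dns" stands out in pledge.gpu: the GPU process should not need name resolution, and it is the only network-related promise in this file (pledge.content carries none). If some startup path in the GPU process really does reach the resolver, a comment naming it will stop the next person from removing it; if it was carried over from pledge.main, it can go.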
> Index: files/pledge.main
> ===================================================================
> RCS file: files/pledge.main
> diff -N files/pledge.main
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/pledge.main 25 Sep 2019 16:23:36 -0000
> @@ -0,0 +1,20 @@
> +stdio
> +rpath
> +wpath
> +cpath
> +inet
> +proc
> +exec
> +prot_exec
> +flock
> +ps
> +sendfd
> +recvfd
> +dns
> +vminfo
> +tty
> +drm
> +unix
> +fattr
> +getpw
> +mcast
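Review bot: pledge.main loses "video" relative to the security.sandbox.pledge.main string removed from all-openbsd.js (the other 20 promises carry over unchanged), yet unveil.main still grants /dev/video rw. Either the promise is needed for the video ioctls and should be restored, or camera access is intentionally gone and the /dev/video line and the commit message should say so; as posted, the two files disagree.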
> Index: files/unveil.content
> ===================================================================
> RCS file: files/unveil.content
> diff -N files/unveil.content
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/unveil.content 25 Sep 2019 16:23:36 -0000
> @@ -0,0 +1,43 @@
> +/dev/drm0 rw
> +
> +/etc/fonts r
> +/etc/machine-id r
> +/usr/local/lib r
> +/usr/local/firefox r
> +/usr/local/share r
> +/usr/share/locale r
> +/var/cache/fontconfig r
> +/usr/X11R6/lib r
> +/usr/X11R6/share r
> +/var/run r
> +
> +~/.XCompose r
> +~/.Xauthority r
> +~/.Xdefaults r
> +~/.fontconfig r
> +~/.fonts r
> +~/.fonts.conf r
> +~/.fonts.conf.d r
> +~/.icons r
> +~/.pki rwc
> +~/.sndio rwc
> +~/.terminfo r
> +
> +~/.mozilla r
> +~/Downloads r
> +
> +/tmp rwc
> +
> +$XDG_CONFIG_HOME/dconf r
> +$XDG_CONFIG_HOME/fontconfig r
> +$XDG_CONFIG_HOME/gtk-3.0 r
> +$XDG_CONFIG_HOME/mimeapps.list r
> +$XDG_CONFIG_HOME/mozilla rwc
> +$XDG_CONFIG_HOME/user-dirs.dirs r
> +$XDG_DATA_HOME/applications r
> +$XDG_DATA_HOME/applnk r
> +$XDG_DATA_HOME/fonts r
> +$XDG_DATA_HOME/glib-2.0 r
> +$XDG_DATA_HOME/icons r
> +$XDG_DATA_HOME/mime r
> +$XDG_DATA_HOME/themes r
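Review bot: two inconsistencies in the content list. ~/.mozilla is r while $XDG_CONFIG_HOME/mozilla is rwc; the profile lives in one of these two places, so either the content process needs to write into it (then ~/.mozilla r is too narrow) or it does not (then $XDG_CONFIG_HOME/mozilla rwc is wider than needed), and the two lines should agree. /usr/local/firefox r appears in both this list and unveil.main, but the Makefile above only references ${PREFIX}/lib/${MOZILLA_PROJECT}; if it is a leftover it should go, since every extra unveiled path widens the view. Finally, ~/Downloads r is the line the cover text tells users with a localized download directory to edit; saying so in a comment in the file itself would save them the trip to the list archive.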
> Index: files/unveil.gpu
> ===================================================================
> RCS file: files/unveil.gpu
> diff -N files/unveil.gpu
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/unveil.gpu 25 Sep 2019 16:23:36 -0000
> @@ -0,0 +1,11 @@
> +/dev/drm0 rw
> +
> +/usr/local/lib/firefox r
> +/usr/local/lib/gdk-pixbuf-2.0 r
> +/usr/X11R6/lib r
> +/usr/share/locale r
> +/usr/local/share r
> +
> +/tmp rw
> +
> +~/.Xauthority r
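Review bot: /tmp is rw here but rwc in unveil.content and unveil.main. If the GPU process only opens shm segments the parent already created, rw is the right choice and a comment along the lines of the "# for at least shm_open (for now)" line in unveil.main would make that deliberate; if it ever calls shm_open() to create a segment itself, the missing c will show up as a confusing EACCES at runtime. /usr/local/lib/firefox is r here versus rx in unveil.main, which is fine as long as the GPU process never execs anything.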
> Index: files/unveil.main
> ===================================================================
> RCS file: files/unveil.main
> diff -N files/unveil.main
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ files/unveil.main 25 Sep 2019 16:23:36 -0000
> @@ -0,0 +1,63 @@
> +# for uuid generation?
> +/dev/urandom r
> +/dev/video rw
> +
> +/etc/fonts r
> +/etc/machine-id r
> +
> +/usr/local/lib r
> +/usr/local/firefox r
> +/usr/local/lib/firefox rx
> +/usr/local/share r
> +/usr/share/locale r
> +/var/cache/fontconfig r
> +/usr/X11R6/lib r
> +/usr/X11R6/share r
> +/var/run r
> +
> +# printing
> +/usr/bin/lpr rx
> +
> +# for launching registered 3rd party applications like pdf readers
> +/usr/local/bin/gio-launch-desktop rx
> +/etc/mailcap r
> +~/.mailcap r
> +~/.mime.types r
> +
> +~/.XCompose r
> +~/.Xauthority r
> +~/.Xdefaults r
> +~/.fontconfig r
> +~/.fonts r
> +~/.fonts.conf r
> +~/.fonts.conf.d r
> +~/.icons r
> +~/.pki rwc
> +~/.sndio rwc
> +~/.terminfo r
> +
> +~/.mozilla rwc
> +~/Downloads rwc
> +
> +# for at least shm_open (for now)
> +/tmp rwc
> +
> +# $XDG_CACHE_HOME, $XDG_CONFIG_HOME, and $XDG_DATA_HOME will expand to the
> +# given variable if it exists in the environment, otherwise defaulting to
> +# ~/.cache, ~/.config, and ~/.local/share
> +$XDG_CACHE_HOME/dconf rwc
> +$XDG_CACHE_HOME/thumbnails rwc
> +$XDG_CONFIG_HOME/dconf rw
> +$XDG_CONFIG_HOME/fontconfig r
> +$XDG_CONFIG_HOME/gtk-3.0 r
> +$XDG_CONFIG_HOME/mimeapps.list r
> +$XDG_CONFIG_HOME/mozilla rwc
> +$XDG_CONFIG_HOME/user-dirs.dirs r
> +$XDG_DATA_HOME/applications rwc
> +$XDG_DATA_HOME/applnk r
> +$XDG_DATA_HOME/fonts r
> +$XDG_DATA_HOME/glib-2.0 r
> +$XDG_DATA_HOME/icons r
> +$XDG_DATA_HOME/mime r
> +$XDG_DATA_HOME/recently-used.xbel rwc
> +$XDG_DATA_HOME/themes r
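Review bot: the "# for uuid generation?" comment on /dev/urandom should be resolved before commit: find the caller and name it, or drop the line and see what breaks, because a question mark in a sandbox policy invites cargo-culting. The $XDG_* expansion rule documented in the comment block here applies equally to unveil.content and unveil.gpu, which ship as separately editable files without it; repeat it there or point to this file. A comment on /usr/local/lib/firefox rx (presumably the x is for spawning the content and GPU children from the firefox binary) would likewise make the one rx entry in this list self-explanatory.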
> Index: patches/patch-browser_app_profile_firefox_js
> ===================================================================
> RCS file: patches/patch-browser_app_profile_firefox_js
> diff -N patches/patch-browser_app_profile_firefox_js
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-browser_app_profile_firefox_js 25 Sep 2019 16:23:36 -0000
> @@ -0,0 +1,18 @@
> +$OpenBSD$
> +
> +Index: browser/app/profile/firefox.js
> +--- browser/app/profile/firefox.js.orig
> ++++ browser/app/profile/firefox.js
> +@@ -1130,11 +1130,8 @@ pref("security.sandbox.content.syscall_whitelist", "")
> +
