Stuart Henderson <stu@spacehopper.org> wrote:
> On 2019/10/28 14:09, joshua stein wrote:
> > On Mon, 28 Oct 2019 at 20:04:06 +0100, Sebastien Marie wrote:
> > > On Mon, Oct 28, 2019 at 09:26:09AM +0100, Klemens Nanni wrote:
> > > > On Sun, Oct 27, 2019 at 12:56:40PM -0500, joshua stein wrote:
> > > > > As a workaround, you can add this to
> > > > > /usr/local/lib/thunderbird/defaults/pref/all-openbsd.js:
> > > > >
> > > > > pref("security.sandbox.pledge.main", "junk");
> > > > >
> > > > > That will cause pledge() to fail rather than continuing with an
> > > > > empty list of pledge promises.
> > > > I appended this line to ~/.thunderbird/*.default/prefs.js and
> > > > thunderbird starts again, thanks. semarie also mentioned this as
> > > > workaround off-list.
> > > >
> > > > However, prefs.js seems to be rewritten, so closing and opening
> > > > Thunderbird results in SIGBART again. Won't happen with the global
> > > > all-openbsd.js for sure, though.
> > > >
> > >
> > > Hi,
> > >
> > > The following diff should unbreak mail/mozilla-thunderbird for now.
> > >
> > > It is a quick fix to have usuable thunderbird, waiting for a proper fix.
> > >
> > > It just adds invalid promises (instead of the default valid empty promise). It
> > > will make thunderbird to show a warning and will effectively disable pledge(2)
> > > (as before without sandbox).
> > >
> > > Comments or OK ?
>
> OK with me.
>
> > Either pass --disable-sandbox in CONFIGURE_ARGS to disable the
> > pledge code, or someone that uses Thunderbird can figure out which
> > pledge promises are actually needed to make it work and add those to
> > all-openbsd.js.
> >
> > It doesn't really make sense to keep building it with sandboxing
> > enabled just to disable it from the preferences.
> >
>
> It makes it easier to test and figure out which pledges are needed
> if one doesn't have to rebuild the damn thing..
it's quite the experiment when it ships broken by default.
No comments:
Post a Comment