Started by D-Bus, this upowerd(8) runs as root without the usual
OpenBSD security considerations.
upowerd(8) used to support scripts, but deprecated them in 2013.
I don't see any other code that would fork or exec stuff.
apm(4) ioctls are not covered by pledge(2), sensors reading via
sysctl(2) should be, though.
So as with openbsdisks2, unveil("/", "rwc") to strip the x bit.
`upower --monitor-detail' and replugging my notebook's power cable
still provides all the details.
Works for me on Xfce.
Feedback? Objection? OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/upower/Makefile,v
diff -u -p -r1.71 Makefile
--- Makefile 17 Oct 2023 08:15:21 -0000 1.71
+++ Makefile 8 Nov 2023 12:26:28 -0000
@@ -5,6 +5,7 @@ COMMENT = userland power management inte
V = v1.90.2
DISTNAME = upower-${V}
PKGNAME = upower-${V:S/v//}
+REVISION = 0
CATEGORIES = sysutils
SHARED_LIBS += upower-glib 3.0
@@ -17,6 +18,7 @@ MAINTAINER = Landry Breuil <landry@openb
# GPLv2+
PERMIT_PACKAGE= Yes
+# uses unveil()
WANTLIB += c gio-2.0 glib-2.0 gobject-2.0 m
MODULES = devel/meson
Index: patches/patch-src_up-main_c
===================================================================
RCS file: patches/patch-src_up-main_c
diff -N patches/patch-src_up-main_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_up-main_c 8 Nov 2023 13:38:35 -0000
@@ -0,0 +1,26 @@
+Uncovered apm(4) ioctl(2) prevents pledge(2) usage.
+unveil(2) all files read-write-create to prevent execution.
+
+Index: src/up-main.c
+--- src/up-main.c.orig
++++ src/up-main.c
+@@ -22,6 +22,7 @@
+
+ #include "config.h"
+
++#include <err.h>
+ #include <string.h>
+ #include <signal.h>
+ #include <sys/types.h>
+@@ -183,6 +184,11 @@ main (gint argc, gchar **argv)
+ UpState *state;
+ GBusNameOwnerFlags bus_flags;
+ gboolean replace = FALSE;
++
++ if (unveil("/", "rwc") == -1)
++ err(1, "unveil /");
++ if (unveil(NULL, NULL) == -1)
++ err(1, "unveil NULL");
+
+ const GOptionEntry options[] = {
+ { "timed-exit", '\0', 0, G_OPTION_ARG_NONE, &timed_exit,
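Review bot: In the main() hunk of the embedded patch, the two unveil() calls sit between the local declarations and `const GOptionEntry options[]`, so a declaration now follows statements; moving the calls below the options[] array would keep the declarations together. The only header added is <err.h>, and the visible include context (string.h, signal.h, sys/types.h) does not show <unistd.h>, which declares unveil(2), so it is worth confirming that it is included further down in up-main.c. Because "rwc" on "/" removes only the execute permission, a one-line comment in the C source saying this is deliberate (apm(4) ioctls rule out pledge(2)) would help, since that rationale currently lives only in the patch header.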