MantisBT - Doomseeker
View Issue Details
0003500Doomseeker[All Projects] Securitypublic2018-09-19 18:092019-08-24 17:19
WubTheCaptain 
Pol M 
lowfeatureN/A
assignedopen 
OpenBSD
1.1 
 
0003500: pledge(2) is not yet supported
If 0003499 is going to happen, then it'd be nice if Doomseeker and Wadseeker were pledge'd.
'https://man.openbsd.org/pledge.2 [^]'
'https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf [^]'
No tags attached.
related to 0003499assigned Pol M Port Doomseeker to OpenBSD 
related to 0003653assigned Pol M unveil(2) is not yet supported 
Issue History
2018-09-19 18:09WubTheCaptainNew Issue
2018-09-19 18:09WubTheCaptainRelationship addedchild of 0003499
2018-09-19 18:12WubTheCaptainAdditional Information Updatedbug_revision_view_page.php?rev_id=11857#r11857
2018-09-24 19:36WubTheCaptainRelationship replacedrelated to 0003499
2018-10-13 19:11WubTheCaptainPrioritylow => none
2018-12-17 05:08WubTheCaptainAssigned To => WubTheCaptain
2018-12-17 05:08WubTheCaptainStatusnew => acknowledged
2019-01-06 07:11WubTheCaptainSummaryAdd support for pledge(2) => pledge(2) is not yet supported
2019-01-06 10:42FilysteaNote Added: 0020305
2019-04-17 01:39WubTheCaptainCategorySuggestion => Security
2019-05-20 15:38Pol MAssigned ToWubTheCaptain => Pol M
2019-05-20 15:38Pol MStatusacknowledged => assigned
2019-05-26 15:57Pol MNote Added: 0020696
2019-05-26 18:28WubTheCaptainNote Added: 0020697
2019-05-28 16:10ZalewaNote Added: 0020700
2019-05-30 05:54WubTheCaptainPrioritynone => low
2019-05-30 05:56WubTheCaptainStatusassigned => needs review
2019-05-30 05:56WubTheCaptainStatusneeds review => needs testing
2019-05-30 06:10WubTheCaptainNote Added: 0020704
2019-05-30 06:10WubTheCaptainStatusneeds testing => needs review
2019-05-30 06:11WubTheCaptainTarget Version => 1.3
2019-05-30 06:19WubTheCaptainNote Added: 0020705
2019-05-30 06:30WubTheCaptainRelationship addedrelated to 0003653
2019-05-30 06:30WubTheCaptainRelationship replacedchild of 0003653
2019-05-30 06:41WubTheCaptainRelationship replacedrelated to 0003653
2019-05-30 08:01Pol MNote Added: 0020706
2019-05-31 11:39Pol MStatusneeds review => assigned
2019-06-30 10:44ZalewaTarget Version1.3 =>
2019-08-24 17:19WubTheCaptainNote Added: 0020999

Notes
(0020305)
Filystea   
2019-01-06 10:42   
Probably not worth a game. But what ever since priority is zero.
(0020696)
Pol M   
2019-05-26 15:57   
"stdio rpath wpath cpath tmppath inet mcast fattr chown flock unix dns sendfd recvfd tape tty proc exec prot_exec ps audio video unveil"
Should be enough for doomseeker. Maybe there is something that is not needed, but I did not want to over restrict it. There's also the issue that most sys operations will be done by qt, so we don't really know which are being called, and the implementation may change. Due to this, maybe we should not pledge it at all? If we do so, I'd still go for a permissive enough list.
(0020697)
WubTheCaptain   
2019-05-26 18:28   
Quote from Pol M
stdio rpath wpath cpath tmppath inet mcast fattr chown flock unix dns sendfd recvfd tape tty proc exec prot_exec ps audio video unveil


That list seems excessive. I'm also guessing major changes would be needed to restrict processes in Doomseeker lots to smaller operations.

Pledging Wadseeker may do with less.
(0020700)
Zalewa   
2019-05-28 16:10   
I cannot judge on the excessivety of the pledge list, however I decided to merge the PR already:'https://bitbucket.org/Doomseeker/doomseeker/commits/fa55c0712f19254d76050372ffb52bcfc608af1f [^]'

If the list needs tweaking please submit it in another PR or patch.
(0020704)
WubTheCaptain   
2019-05-30 06:10   
We don't even use the unveil(2) syscall (yet). The list of pledges above is almost as bad / equivalent as not supporting pledge at all.

One should start with a minimal pledge (e.g. stdio rpath), run the program, find out which missing pledge the program aborts to, then add that to the pledge list. (Maybe Pol M did it this way?) Later restrict the program's operation to some smaller pledges, if at all possible.
(0020705)
WubTheCaptain   
2019-05-30 06:19   
It'd also be good to include a comment in the code explaining why / where each of the pledges is required.
(0020706)
Pol M   
2019-05-30 08:01   
I started with all of them enabled and started to cut down until something broke. To speed up the process, I did it in batches, allowing me to cut entire chuncks of calls. Since you insist, I'll take a second look at the list :)
Also, there are modules that don't cause Doomseeker to stop working, but cut it's functionality, like the dns option, which means that it's not as easy as simply opening up and seeing it crash.
It would also be nice if lldb worked properly or that gdb and gcc weren't super old, because that way I could actually see why stuff is happening.
(0020999)
WubTheCaptain   
2019-08-24 17:19   
Pol Marcet committed 9aef20f (2019-08-02)

Quote from Pol M
- Added "getpw" and removed "tape" from pledge promises.