Zandronum Chat on our Discord Server Get the latest version: 3.1
Source Code

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003500Doomseeker[All Projects] Securitypublic2018-09-19 18:092019-08-24 17:19
ReporterWubTheCaptain 
Assigned ToPol M 
PrioritylowSeverityfeatureReproducibilityN/A
StatusassignedResolutionopen 
PlatformOSOpenBSDOS Version
Product Version1.1 
Target VersionFixed in Version 
Summary0003500: pledge(2) is not yet supported
DescriptionIf 0003499 is going to happen, then it'd be nice if Doomseeker and Wadseeker were pledge'd.
Additional Information'https://man.openbsd.org/pledge.2 [^]'
'https://www.openbsd.org/papers/BeckPledgeUnveilBSDCan2018.pdf [^]'
Attached Files

- Relationships
related to 0003499assignedPol M Port Doomseeker to OpenBSD 
related to 0003653assignedPol M unveil(2) is not yet supported 

-  Notes
User avatar (0020305)
Filystea (reporter)
2019-01-06 10:42

Probably not worth a game. But what ever since priority is zero.
User avatar (0020696)
Pol M (developer)
2019-05-26 15:57

"stdio rpath wpath cpath tmppath inet mcast fattr chown flock unix dns sendfd recvfd tape tty proc exec prot_exec ps audio video unveil"
Should be enough for doomseeker. Maybe there is something that is not needed, but I did not want to over restrict it. There's also the issue that most sys operations will be done by qt, so we don't really know which are being called, and the implementation may change. Due to this, maybe we should not pledge it at all? If we do so, I'd still go for a permissive enough list.
User avatar (0020697)
WubTheCaptain (reporter)
2019-05-26 18:28

Quote from Pol M
stdio rpath wpath cpath tmppath inet mcast fattr chown flock unix dns sendfd recvfd tape tty proc exec prot_exec ps audio video unveil


That list seems excessive. I'm also guessing major changes would be needed to restrict processes in Doomseeker lots to smaller operations.

Pledging Wadseeker may do with less.
User avatar (0020700)
Zalewa (developer)
2019-05-28 16:10

I cannot judge on the excessivety of the pledge list, however I decided to merge the PR already:'https://bitbucket.org/Doomseeker/doomseeker/commits/fa55c0712f19254d76050372ffb52bcfc608af1f [^]'

If the list needs tweaking please submit it in another PR or patch.
User avatar (0020704)
WubTheCaptain (reporter)
2019-05-30 06:10

We don't even use the unveil(2) syscall (yet). The list of pledges above is almost as bad / equivalent as not supporting pledge at all.

One should start with a minimal pledge (e.g. stdio rpath), run the program, find out which missing pledge the program aborts to, then add that to the pledge list. (Maybe Pol M did it this way?) Later restrict the program's operation to some smaller pledges, if at all possible.
User avatar (0020705)
WubTheCaptain (reporter)
2019-05-30 06:19

It'd also be good to include a comment in the code explaining why / where each of the pledges is required.
User avatar (0020706)
Pol M (developer)
2019-05-30 08:01

I started with all of them enabled and started to cut down until something broke. To speed up the process, I did it in batches, allowing me to cut entire chuncks of calls. Since you insist, I'll take a second look at the list :)
Also, there are modules that don't cause Doomseeker to stop working, but cut it's functionality, like the dns option, which means that it's not as easy as simply opening up and seeing it crash.
It would also be nice if lldb worked properly or that gdb and gcc weren't super old, because that way I could actually see why stuff is happening.
User avatar (0020999)
WubTheCaptain (reporter)
2019-08-24 17:19

Pol Marcet committed 9aef20f (2019-08-02)

Quote from Pol M
- Added "getpw" and removed "tape" from pledge promises.

Issue Community Support
Only registered users can voice their support. Click here to register, or here to log in.
Supporters: No one explicitly supports this issue yet.
Opponents: No one explicitly opposes this issue yet.

- Issue History
Date Modified Username Field Change
2018-09-19 18:09 WubTheCaptain New Issue
2018-09-19 18:09 WubTheCaptain Relationship added child of 0003499
2018-09-19 18:12 WubTheCaptain Additional Information Updated View Revisions
2018-09-24 19:36 WubTheCaptain Relationship replaced related to 0003499
2018-10-13 19:11 WubTheCaptain Priority low => none
2018-12-17 05:08 WubTheCaptain Assigned To => WubTheCaptain
2018-12-17 05:08 WubTheCaptain Status new => acknowledged
2019-01-06 07:11 WubTheCaptain Summary Add support for pledge(2) => pledge(2) is not yet supported
2019-01-06 10:42 Filystea Note Added: 0020305
2019-04-17 01:39 WubTheCaptain Category Suggestion => Security
2019-05-20 15:38 Pol M Assigned To WubTheCaptain => Pol M
2019-05-20 15:38 Pol M Status acknowledged => assigned
2019-05-26 15:57 Pol M Note Added: 0020696
2019-05-26 18:28 WubTheCaptain Note Added: 0020697
2019-05-28 16:10 Zalewa Note Added: 0020700
2019-05-30 05:54 WubTheCaptain Priority none => low
2019-05-30 05:56 WubTheCaptain Status assigned => needs review
2019-05-30 05:56 WubTheCaptain Status needs review => needs testing
2019-05-30 06:10 WubTheCaptain Note Added: 0020704
2019-05-30 06:10 WubTheCaptain Status needs testing => needs review
2019-05-30 06:11 WubTheCaptain Target Version => 1.3
2019-05-30 06:19 WubTheCaptain Note Added: 0020705
2019-05-30 06:30 WubTheCaptain Relationship added related to 0003653
2019-05-30 06:30 WubTheCaptain Relationship replaced child of 0003653
2019-05-30 06:41 WubTheCaptain Relationship replaced related to 0003653
2019-05-30 08:01 Pol M Note Added: 0020706
2019-05-31 11:39 Pol M Status needs review => assigned
2019-06-30 10:44 Zalewa Target Version 1.3 =>
2019-08-24 17:19 WubTheCaptain Note Added: 0020999






Questions or other issues? Contact Us.

Links


Copyright © 2000 - 2024 MantisBT Team
Powered by Mantis Bugtracker