[dev] pledge(2) patches

From: Kamil Cholewiński <harry666t_AT_gmail.com>
Date: Wed, 18 May 2016 18:50:15 +0200

Hi folks,

This is purely OpenBSD-specific; had a brief look at SecComp and
promptly ran away.

Included are pledge(2) diffs for dwm, dmenu, st and slock. I've been
testing these for a week now (both stress-tests and normal usage), and I
have no ill effects to report.

- st has been tortured with cat'ing from /dev/random, ssh'ing into some
  odd boxes, running all sorts of silly ncurses apps, etc. I'm writing
  this email by ssh'ing via mosh to a Linux box running emacs in tmux,
  and everything looks good.

- slock has been thoroughly keyboard-mashed. The question stands,
  whether it's a good idea for a potentially non-exploitable bug in
  slock to be able to kill it and unlock the screen. Perhaps only worth
  enabling in "debug mode"?

- dmenu survived cat'ing some serious /dev/random.

- dwm hasn't been tested super-thoroughly, since I keep this one machine
  free from most random crap; however all of the above apps + dillo,
  firefox, xconsole, and some others didn't seem to cause any problems.

My approach was to first try dropping as many privileges as possible
before initialisation, and then some more right before entering the main
loop. I believe even more privileges could be dropped, e.g. in dwm, if
it used a separate process for handling keyboard launching.

Tested on 5.9-stable, amd64.

If there's interest, I could work on pledging other suckless tools as
well (sbase? ii? quark? sup? suggestions?).


Received on Wed May 18 2016 - 18:50:15 CEST
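
The two-stage approach described in the message (one pledge before initialisation, a narrower one before the main loop), as an added example that is not code from the posted diffs. The promise sets and the helper names (has_promise, promises_subset, narrow) are assumptions made for illustration; pledge(2) is called with a NULL second argument, and on non-OpenBSD systems the call is compiled out.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed promise sets for illustration; not taken from the patches. */
#define STAGE_INIT "stdio rpath unix proc exec tty"
#define STAGE_LOOP "stdio tty"

/* 1 if the n-byte promise w occurs as a whole word in set. */
static int has_promise(const char *set, const char *w, size_t n)
{
	for (const char *p = set; *p; p += strspn(p, " ")) {
		size_t len = strcspn(p, " ");
		if (len == n && strncmp(p, w, n) == 0)
			return 1;
		p += len;
	}
	return 0;
}

/* 1 if every promise in next is already in cur (cur == NULL: not yet pledged). */
int promises_subset(const char *cur, const char *next)
{
	if (cur == NULL)
		return 1;
	for (const char *p = next + strspn(next, " "); *p; p += strspn(p, " ")) {
		size_t len = strcspn(p, " ");
		if (!has_promise(cur, p, len))
			return 0;
		p += len;
	}
	return 1;
}

/* Move from promise set cur to next; 0 on success, -1 on failure. */
int narrow(const char *cur, const char *next)
{
	if (!promises_subset(cur, next))
		return -1;	/* pledge(2) fails with EPERM when asked to widen */
#ifdef __OpenBSD__
	if (pledge(next, NULL) == -1) {
		perror("pledge");
		return -1;
	}
#endif	/* other systems: no-op, so the staging logic still runs */
	return 0;
}

int main(void)
{
	if (narrow(NULL, STAGE_INIT) == -1)	/* before initialisation */
		return 1;
	/* ... open the display, load fonts, start the child ... */
	if (narrow(STAGE_INIT, STAGE_LOOP) == -1)	/* before the main loop */
		return 1;
	/* ... main event loop ... */
	return 0;
}
```

The subset check catches a second-stage string that adds a promise the first stage did not hold, which would otherwise only show up at run time as a failed pledge call.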
