On Sat, Dec 28, 2024 at 03:54:34PM +0000, Stuart Henderson wrote:
> On 2024/12/28 09:51, Chaz Kettleson wrote:
> > I've been running this for a while and continued to do testing without
> > issues. Can we get this committed? Or is someone willing to take a look.
> 
> I'm not a fan of building up the promises string dynamically. The
> approach I've normally seen used would be to pledge with the maximal
> promises set first, then call pledge again with a smaller set to revoke
> the unneeded ones as they're determined. That uses static strings so
> doesn't require that they're in writable memory.

Thank you. I've updated and referenced the net/iperf3 in cooking this
diff.

> 
> I don't run an IRC server and it's not clear how to test without that.
> I see the port's rc script permits reload (no rc_reload=NO) - how does
> this hold up to reloading with different config (i.e. changing from
> config which doesn't need file access, to config which does)?
> 

SIGHUP sets RESTART=1 which will just execv HOPM_BINPATH. This is why I
carry the exec promise and only unveil the HOPM_BINPATH as part of the
base set of promises.

-- 
V/r,

Chaz

diff --git a/patch-src_main_c b/patch-src_main_c
new file mode 100644
index 00000000000..c76235abed6
--- /dev/null
+++ b/patch-src_main_c
@@ -0,0 +1,102 @@
+add pledge/unveil
+
+Index: src/main.c
+--- src/main.c.orig
++++ src/main.c
+@@ -30,6 +30,9 @@
+ #include <fcntl.h>
+ #include <stdlib.h>
+ #include <string.h>
++#if defined(__OpenBSD__)
++#include <err.h>
++#endif
+ 
+ #include "config.h"
+ #include "irc.h"
+@@ -39,6 +42,9 @@
+ #include "options.h"
+ #include "memory.h"
+ #include "main.h"
++#if defined(__OpenBSD__)
++#include "match.h"
++#endif
+ 
+ 
+ static int RESTART;  /* Flagged to restart on next cycle */
+@@ -70,6 +76,65 @@ setup_corelimit(void)
+   }
+ }
+ 
++#if defined(__OpenBSD__)
++static void
++setup_pledge(void) {
++  int needr = 0;
++  int needp = 0;
++
++  if (unveil(HOPM_BINPATH, "x") == -1) {
++    err(1, "unveil");
++  }
++
++  if (IRCItem.tls) {
++    if (unveil("/etc/ssl/cert.pem", "r") == -1) {
++      err(1, "unveil");
++    }
++
++    if (!EmptyString(IRCItem.rsa_private_key_file) &&
++        !EmptyString(IRCItem.tls_certificate_file)) {
++      if (unveil("IRCItem.rsa_private_key", "r") == -1) {
++        err(1, "unveil");
++      }
++
++      if (unveil("IRCItem.tls_certificate_file", "r") == -1) {
++        err(1, "unveil");
++      }
++    }
++
++    needr = 1;
++  }
++
++  if (!EmptyString(OpmItem.dnsbl_to) &&
++      !EmptyString(OpmItem.dnsbl_from) &&
++      !EmptyString(OpmItem.sendmail)) {
++    if (unveil("/bin/sh", "x") == -1) {
++	err(1, "unveil");
++    }
++
++    needp = 1;
++  }
++
++  if (needr && needp) {
++    if (pledge("stdio rpath inet dns proc exec", NULL) == -1) {
++      err(1, "pledge");
++    }
++  } else if (needr) {
++    if (pledge("stdio rpath inet dns exec", NULL) == -1) {
++      err(1, "pledge");
++    }
++  } else if (needp) {
++    if (pledge("stdio inet dns proc exec", NULL) == -1) {
++      err(1, "pledge");
++    }
++  } else {
++    if (pledge("stdio inet dns exec", NULL) == -1) {
++      err(1, "pledge");
++    }
++  }
++}
++#endif
++
+ static void
+ do_signal(int signum)
+ {
+@@ -199,6 +264,10 @@ main(int argc, char *argv[])
+     exit(EXIT_FAILURE);
+   }
+ 
++#if defined(__OpenBSD__)
++  setup_pledge();
++#endif
++
+   /* Setup alarm & int handlers. */
+   ALARMACTION.sa_handler = &do_signal;
+   ALARMACTION.sa_flags = SA_RESTART;