Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add pledge(2) support for OpenBSD #469

Merged
merged 1 commit into from
Nov 17, 2017
Merged

Add pledge(2) support for OpenBSD #469

merged 1 commit into from
Nov 17, 2017

Conversation

qbit
Copy link
Contributor

@qbit qbit commented Nov 16, 2017

Pledge (OpenBSD only) is a way to restrict the operations an
application can make use of on OpenBSD. Applications declare
their intent by specifying the system calls they will use,
after which point, any use outside of the pledge'd calls will
result in the kernel killing the process.

More info on pledge can be found here: http://man.openbsd.org/pledge

@qbit
Add pledge(2) support for OpenBSD
85c6f0c 
Pledge (OpenBSD only) is a way to restrict the operations an
application can make use of on OpenBSD. Applications declare
their intent by specifying the system calls they will use,
after which point, any use outside of the pledge'd calls will
result in the kernel killing the process.

More info on pledge can be found here: http://man.openbsd.org/pledge
@dominikschulz dominikschulz self-requested a review November 17, 2017 08:37
@falschparker82
Copy link
Contributor

Note that this might disable the version check web call in gopass version (don't know enough about OpenBSD to verify):
protect.Pledge("stdio rpath tty proc exec")

Otherwise, a great idea IMHO, we might want to add seccomp as well then: https://godoc.org/github.com/seccomp/libseccomp-golang

@falschparker82
Copy link
Contributor

(oh well, libseccomp bindings invoke CGo: that would probably open a whole new can of worms, forget what I just said...)

dominikschulz
dominikschulz approved these changes Nov 17, 2017
View reviewed changes
Copy link
Member

@dominikschulz dominikschulz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I couldn't verify this on OpenBSD, yet.

@dominikschulz
Copy link
Member

CGo would only be an option if we find a way to cross-compile our releases. CGo for Linux-only files would probably be possible, but restrict building releases to Linux.

If you still want Seccomp it would probably be best to move this to another issue.

@dominikschulz dominikschulz merged commit f86ae17 into gopasspw:master Nov 17, 2017
@dominikschulz
Copy link
Member

@qbit If I understand the pledge documentation correctly this breaks the version check as @falschparker82 noticed. IMHO we're missing the inet capability.

I'll leave it to your discretion if this is OK or not.

qbit added a commit to qbit/gopass that referenced this pull request Nov 17, 2017
@qbit
Bail early if we protector is enabled
0288293 
As pointed out in gopasspw#469, the pledging breaks the version check.
My testing "worked" because of the HEAD check..

Since we typically disable remote version checks in OpenBSD anyway
(doing an update would break the package otherwise), we might as
well disable it here.
@qbit qbit mentioned this pull request Nov 17, 2017
Merged
dominikschulz pushed a commit that referenced this pull request Nov 17, 2017
@qbit @dominikschulz
Bail early if we protector is enabled (#470)
4802d7f 
As pointed out in #469, the pledging breaks the version check.
My testing "worked" because of the HEAD check..

Since we typically disable remote version checks in OpenBSD anyway
(doing an update would break the package otherwise), we might as
well disable it here.
kpitt pushed a commit to kpitt/gopass that referenced this pull request Jul 21, 2022
@qbit @dominikschulz
Add pledge(2) support for OpenBSD (gopasspw#469)
0a9d99c 
Pledge (OpenBSD only) is a way to restrict the operations an
application can make use of on OpenBSD. Applications declare
their intent by specifying the system calls they will use,
after which point, any use outside of the pledge'd calls will
result in the kernel killing the process.

More info on pledge can be found here: http://man.openbsd.org/pledge
kpitt pushed a commit to kpitt/gopass that referenced this pull request Jul 21, 2022
@qbit @dominikschulz
Bail early if we protector is enabled (gopasspw#470)
2244fb1 
As pointed out in gopasspw#469, the pledging breaks the version check.
My testing "worked" because of the HEAD check..

Since we typically disable remote version checks in OpenBSD anyway
(doing an update would break the package otherwise), we might as
well disable it here.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dominikschulz dominikschulz dominikschulz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@qbit @falschparker82 @dominikschulz