
From: Stefan Sperling <stsp@stsp.name>
Subject: Re: use unveil in gotwebd sockets proc
To: Kyle Ackerman <kackerman0102@gmail.com>
Cc: gameoftrees@openbsd.org
Date: Tue, 14 Nov 2023 09:20:03 +0100

On Mon, Nov 13, 2023 at 06:54:56PM -0600, Kyle Ackerman wrote:
> Looks good to me. Nothing crazy appeared from my manual testing either.
> 

Thanks Kyle!

As per Omar's point regarding the gotwebd.c diff, we can even drop
the /tmp directory altogether. New diff below.
(In hindsight, I should have posted both diffs together.)

> ok kack

Thanks for checking the diff!
In OpenBSD, only developers with commit access provide formal code review OKs.
To keep things consistent I apply the same principle here, even though there
are a few people with commit access to Got who aren't OpenBSD developers.
The reasons Got isn't hosted in the OpenBSD CVS repository are technical
in nature: allowing us to dog-food our implementation and preserving the
existing version control history in Git format. Otherwise the rules are
largely the same to avoid friction for people already involved in OpenBSD.

diff /home/stsp/src/got
commit - b1c090542f4ecaf993fc81468338839febcb8e37
path + /home/stsp/src/got
blob - 341d3774c799acfb106876120fa0e5ae0b9131c0
file + gotwebd/sockets.c
--- gotwebd/sockets.c
+++ gotwebd/sockets.c
@@ -53,6 +53,7 @@
 #include "got_opentemp.h"
 #include "got_reference.h"
 #include "got_repository.h"
+#include "got_privsep.h"
 
 #include "proc.h"
 #include "gotwebd.h"
@@ -112,8 +113,8 @@ sockets_run(struct privsep *ps, struct privsep_proc *p
 	signal_add(&ps->ps_evsigchld, NULL);
 
 #ifndef PROFILE
-	if (pledge("stdio rpath wpath cpath inet recvfd proc exec sendfd",
-	    NULL) == -1)
+	if (pledge("stdio rpath wpath cpath inet recvfd proc exec sendfd "
+	    "unveil", NULL) == -1)
 		fatal("pledge");
 #endif
 }
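Review bot: The promise string passed to pledge() in sockets_run() still carries "wpath cpath", yet the only paths unveiled later in sockets_launch() are srv->repos_path with "r" plus whatever got_privsep_unveil_exec_helpers() exposes. If nothing writable or creatable stays visible once unveil is locked, consider dropping "wpath" and "cpath" in the same change, or add a comment naming the code path that still needs them. A one-line comment that "unveil" is promised here because the unveil() calls only happen later in sockets_launch() would also help the next reader.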
@@ -246,6 +247,8 @@ static void
 sockets_launch(void)
 {
 	struct socket *sock;
+	struct server *srv;
+	const struct got_error *error;
 
 	TAILQ_FOREACH(sock, &gotwebd_env->sockets, entry) {
 		log_debug("%s: configuring socket %d (%d)", __func__,
@@ -262,6 +265,18 @@ sockets_launch(void)
 		log_debug("%s: running socket listener %d", __func__,
 		    sock->conf.id);
 	}
+
+	TAILQ_FOREACH(srv, &gotwebd_env->servers, entry) {
+		if (unveil(srv->repos_path, "r") == -1)
+			fatal("unveil %s", srv->repos_path);
+	}
+
+	error = got_privsep_unveil_exec_helpers();
+	if (error)
+		fatal("%s", error->msg);
+
+	if (unveil(NULL, NULL) != 0)
+		fatal("unveil");
 }
 
 static void
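Review bot: The unveil() block added at the end of sockets_launch() is unconditional, while the pledge() call in sockets_run() is wrapped in #ifndef PROFILE. If that guard is there so a profiling build can write its output file, locking unveil here with only read-only repository paths would defeat it; either guard this block the same way or unveil the profiling output path under #ifdef PROFILE. Minor style point: the final check is written "unveil(NULL, NULL) != 0" while the loop just above tests "== -1"; use one form for both.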