git: f0180f270779 - main - devel/got: use Capsicum

From: Christian Weisgerber <naddy_at_FreeBSD.org>
Date: Sat, 02 Jul 2022 19:46:44 UTC
The branch main has been updated by naddy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f0180f2707792637f32aa80ea91c7ef61e56d32b

commit f0180f2707792637f32aa80ea91c7ef61e56d32b
Author:     Christian Weisgerber <naddy@FreeBSD.org>
AuthorDate: 2022-07-02 19:45:48 +0000
Commit:     Christian Weisgerber <naddy@FreeBSD.org>
CommitDate: 2022-07-02 19:45:48 +0000

    devel/got: use Capsicum
    
    Thanks to the design of Got, the libexec helpers don't need any resource
    (in fact they run under pledge "stdio recvfd" on OpenBSD) and so using
    cap_enter(2) on FreeBSD is dead-easy.
    
    While the main process can't be sandboxed on FreeBSD (needs to exec the
    helpers), all the tough work is done by these small libexec helpers
    which is also the biggest attack surface.
    
    Obtained from: Omar Polo
---
 devel/got/Makefile                                 |  1 +
 .../patch-libexec_got-fetch-pack_got-fetch-pack.c  | 22 ++++++++++++++++++++++
 .../patch-libexec_got-index-pack_got-index-pack.c  | 22 ++++++++++++++++++++++
 .../patch-libexec_got-read-blob_got-read-blob.c    | 22 ++++++++++++++++++++++
 ...patch-libexec_got-read-commit_got-read-commit.c | 22 ++++++++++++++++++++++
 ...libexec_got-read-gitconfig_got-read-gitconfig.c | 22 ++++++++++++++++++++++
 ...libexec_got-read-gotconfig_got-read-gotconfig.c | 22 ++++++++++++++++++++++
 ...patch-libexec_got-read-object_got-read-object.c | 22 ++++++++++++++++++++++
 .../patch-libexec_got-read-pack_got-read-pack.c    | 22 ++++++++++++++++++++++
 .../patch-libexec_got-read-patch_got-read-patch.c  | 22 ++++++++++++++++++++++
 .../patch-libexec_got-read-tag_got-read-tag.c      | 22 ++++++++++++++++++++++
 .../patch-libexec_got-read-tree_got-read-tree.c    | 22 ++++++++++++++++++++++
 .../patch-libexec_got-send-pack_got-send-pack.c    | 22 ++++++++++++++++++++++
 13 files changed, 265 insertions(+)

diff --git a/devel/got/Makefile b/devel/got/Makefile
index 5b2b9d38850f..7259df61504e 100644
--- a/devel/got/Makefile
+++ b/devel/got/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	got
 PORTVERSION=	0.72
+PORTREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	https://gameoftrees.org/releases/
 
diff --git a/devel/got/files/patch-libexec_got-fetch-pack_got-fetch-pack.c b/devel/got/files/patch-libexec_got-fetch-pack_got-fetch-pack.c
new file mode 100644
index 000000000000..73748c625db3
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-fetch-pack_got-fetch-pack.c
@@ -0,0 +1,22 @@
+--- libexec/got-fetch-pack/got-fetch-pack.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-fetch-pack/got-fetch-pack.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -799,6 +800,11 @@ main(int argc, char **argv)
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
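Review bot: The new `cap_enter()` block in main() carries no comment, and the existing `/* revoke access to most system calls */` line above it describes only the pledge() call, which on FreeBSD is presumably a no-op compatibility stub — so after this patch the comment no longer names what actually sandboxes the helper. I would put above the new block `/* Enter Capsicum capability mode: from here on only descriptors already open (e.g. the one behind ibuf) or received via recvfd are usable; path-based syscalls fail with ECAPMODE. */`, and a second line noting that a cap_enter() failure is deliberately fatal rather than letting the helper continue unsandboxed, which is the right fail-closed choice and still lets got_privsep_send_error() report over the already-open socket. Placing `#include <sys/capsicum.h>` ahead of `<sys/types.h>` departs from the style(9) convention of including `<sys/types.h>` or `<sys/param.h>` first; harmless, but inserting it after `<sys/uio.h>` would match the surrounding order unless a minimal diff is preferred. The enclosing main() starts and ends outside the hunk. The same two points apply verbatim to the eleven other new patch files in this commit (got-index-pack through got-send-pack).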
diff --git a/devel/got/files/patch-libexec_got-index-pack_got-index-pack.c b/devel/got/files/patch-libexec_got-index-pack_got-index-pack.c
new file mode 100644
index 000000000000..1e2d4660eac6
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-index-pack_got-index-pack.c
@@ -0,0 +1,22 @@
+--- libexec/got-index-pack/got-index-pack.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-index-pack/got-index-pack.c
+@@ -15,6 +15,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/queue.h>
+ #include <sys/stat.h>
+ #include <sys/time.h>
+@@ -1020,6 +1021,11 @@ main(int argc, char **argv)
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-blob_got-read-blob.c b/devel/got/files/patch-libexec_got-read-blob_got-read-blob.c
new file mode 100644
index 000000000000..4b228ab2e94f
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-blob_got-read-blob.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-blob/got-read-blob.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-blob/got-read-blob.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -65,6 +66,11 @@ main(int argc, char *argv[])
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-commit_got-read-commit.c b/devel/got/files/patch-libexec_got-read-commit_got-read-commit.c
new file mode 100644
index 000000000000..df51f2405e76
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-commit_got-read-commit.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-commit/got-read-commit.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-commit/got-read-commit.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -119,6 +120,11 @@ main(int argc, char *argv[])
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-gitconfig_got-read-gitconfig.c b/devel/got/files/patch-libexec_got-read-gitconfig_got-read-gitconfig.c
new file mode 100644
index 000000000000..928cbcdc5e37
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-gitconfig_got-read-gitconfig.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-gitconfig/got-read-gitconfig.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-gitconfig/got-read-gitconfig.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -329,6 +330,11 @@ main(int argc, char *argv[])
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-gotconfig_got-read-gotconfig.c b/devel/got/files/patch-libexec_got-read-gotconfig_got-read-gotconfig.c
new file mode 100644
index 000000000000..2c783637b615
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-gotconfig_got-read-gotconfig.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-gotconfig/got-read-gotconfig.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-gotconfig/got-read-gotconfig.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -494,6 +495,11 @@ main(int argc, char *argv[])
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-object_got-read-object.c b/devel/got/files/patch-libexec_got-read-object_got-read-object.c
new file mode 100644
index 000000000000..718e58514479
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-object_got-read-object.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-object/got-read-object.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-object/got-read-object.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -140,6 +141,11 @@ main(int argc, char *argv[])
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-pack_got-read-pack.c b/devel/got/files/patch-libexec_got-read-pack_got-read-pack.c
new file mode 100644
index 000000000000..89bde218d824
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-pack_got-read-pack.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-pack/got-read-pack.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-pack/got-read-pack.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+@@ -1646,6 +1647,11 @@ main(int argc, char *argv[])
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-patch_got-read-patch.c b/devel/got/files/patch-libexec_got-read-patch_got-read-patch.c
new file mode 100644
index 000000000000..bc70e9c4f84b
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-patch_got-read-patch.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-patch/got-read-patch.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-patch/got-read-patch.c
+@@ -35,6 +35,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -487,6 +488,11 @@ main(int argc, char **argv)
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-tag_got-read-tag.c b/devel/got/files/patch-libexec_got-read-tag_got-read-tag.c
new file mode 100644
index 000000000000..1c34d63847f5
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-tag_got-read-tag.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-tag/got-read-tag.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-tag/got-read-tag.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -114,6 +115,11 @@ main(int argc, char *argv[])
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-read-tree_got-read-tree.c b/devel/got/files/patch-libexec_got-read-tree_got-read-tree.c
new file mode 100644
index 000000000000..13a2bf0d34e5
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-read-tree_got-read-tree.c
@@ -0,0 +1,22 @@
+--- libexec/got-read-tree/got-read-tree.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-read-tree/got-read-tree.c
+@@ -14,6 +14,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -113,6 +114,11 @@ main(int argc, char *argv[])
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}
diff --git a/devel/got/files/patch-libexec_got-send-pack_got-send-pack.c b/devel/got/files/patch-libexec_got-send-pack_got-send-pack.c
new file mode 100644
index 000000000000..9c7707566103
--- /dev/null
+++ b/devel/got/files/patch-libexec_got-send-pack_got-send-pack.c
@@ -0,0 +1,22 @@
+--- libexec/got-send-pack/got-send-pack.c.orig	2022-06-19 18:47:42 UTC
++++ libexec/got-send-pack/got-send-pack.c
+@@ -15,6 +15,7 @@
+  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+  */
+ 
++#include <sys/capsicum.h>
+ #include <sys/types.h>
+ #include <sys/queue.h>
+ #include <sys/uio.h>
+@@ -595,6 +596,11 @@ main(int argc, char **argv)
+ 	/* revoke access to most system calls */
+ 	if (pledge("stdio recvfd", NULL) == -1) {
+ 		err = got_error_from_errno("pledge");
++		got_privsep_send_error(&ibuf, err);
++		return 1;
++	}
++	if (cap_enter() == -1) {
++		err = got_error_from_errno("cap_enter");
+ 		got_privsep_send_error(&ibuf, err);
+ 		return 1;
+ 	}