From: Christian Weisgerber
Date: Sat, 2 Jul 2022 19:46:44 GMT
Message-Id: <202207021946.262JkimZ097884@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: f0180f270779 - main - devel/got: use Capsicum
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: naddy
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: f0180f2707792637f32aa80ea91c7ef61e56d32b

The branch main has been updated by naddy:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f0180f2707792637f32aa80ea91c7ef61e56d32b

commit
f0180f2707792637f32aa80ea91c7ef61e56d32b
Author:     Christian Weisgerber
AuthorDate: 2022-07-02 19:45:48 +0000
Commit:     Christian Weisgerber
CommitDate: 2022-07-02 19:45:48 +0000

    devel/got: use Capsicum

    Thanks to the design of Got, the libexec helpers don't need any
    resource (in fact they run under pledge "stdio recvfd" on OpenBSD)
    and so using cap_enter(2) on FreeBSD is dead-easy.

    While the main process can't be sandboxed on FreeBSD (needs to exec
    the helpers), all the tough work is done by these small libexec
    helpers which is also the biggest attack surface.

    Obtained from: Omar Polo
--- devel/got/Makefile | 1 + .../patch-libexec_got-fetch-pack_got-fetch-pack.c | 22 ++++++++++++++++++++++ .../patch-libexec_got-index-pack_got-index-pack.c | 22 ++++++++++++++++++++++ .../patch-libexec_got-read-blob_got-read-blob.c | 22 ++++++++++++++++++++++ ...patch-libexec_got-read-commit_got-read-commit.c | 22 ++++++++++++++++++++++ ...libexec_got-read-gitconfig_got-read-gitconfig.c | 22 ++++++++++++++++++++++ ...libexec_got-read-gotconfig_got-read-gotconfig.c | 22 ++++++++++++++++++++++ ...patch-libexec_got-read-object_got-read-object.c | 22 ++++++++++++++++++++++ .../patch-libexec_got-read-pack_got-read-pack.c | 22 ++++++++++++++++++++++ .../patch-libexec_got-read-patch_got-read-patch.c | 22 ++++++++++++++++++++++ .../patch-libexec_got-read-tag_got-read-tag.c | 22 ++++++++++++++++++++++ .../patch-libexec_got-read-tree_got-read-tree.c | 22 ++++++++++++++++++++++ .../patch-libexec_got-send-pack_got-send-pack.c | 22 ++++++++++++++++++++++ 13 files changed, 265 insertions(+) diff --git a/devel/got/Makefile b/devel/got/Makefile index 5b2b9d38850f..7259df61504e 100644 --- a/devel/got/Makefile +++ b/devel/got/Makefile @@ -1,5 +1,6 @@ PORTNAME= got PORTVERSION= 0.72 +PORTREVISION= 1 CATEGORIES= devel MASTER_SITES= https://gameoftrees.org/releases/ 
diff --git a/devel/got/files/patch-libexec_got-fetch-pack_got-fetch-pack.c b/devel/got/files/patch-libexec_got-fetch-pack_got-fetch-pack.c new file mode 100644 index 000000000000..73748c625db3 --- /dev/null +++ b/devel/got/files/patch-libexec_got-fetch-pack_got-fetch-pack.c @@ -0,0 +1,22 @@ +--- libexec/got-fetch-pack/got-fetch-pack.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-fetch-pack/got-fetch-pack.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -799,6 +800,11 @@ main(int argc, char **argv) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } diff --git a/devel/got/files/patch-libexec_got-index-pack_got-index-pack.c b/devel/got/files/patch-libexec_got-index-pack_got-index-pack.c new file mode 100644 index 000000000000..1e2d4660eac6 --- /dev/null +++ b/devel/got/files/patch-libexec_got-index-pack_got-index-pack.c @@ -0,0 +1,22 @@ +--- libexec/got-index-pack/got-index-pack.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-index-pack/got-index-pack.c +@@ -15,6 +15,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -1020,6 +1021,11 @@ main(int argc, char **argv) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } 
diff --git a/devel/got/files/patch-libexec_got-read-blob_got-read-blob.c b/devel/got/files/patch-libexec_got-read-blob_got-read-blob.c new file mode 100644 index 000000000000..4b228ab2e94f --- /dev/null +++ b/devel/got/files/patch-libexec_got-read-blob_got-read-blob.c @@ -0,0 +1,22 @@ +--- libexec/got-read-blob/got-read-blob.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-blob/got-read-blob.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -65,6 +66,11 @@ main(int argc, char *argv[]) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } diff --git a/devel/got/files/patch-libexec_got-read-commit_got-read-commit.c b/devel/got/files/patch-libexec_got-read-commit_got-read-commit.c new file mode 100644 index 000000000000..df51f2405e76 --- /dev/null +++ b/devel/got/files/patch-libexec_got-read-commit_got-read-commit.c @@ -0,0 +1,22 @@ +--- libexec/got-read-commit/got-read-commit.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-commit/got-read-commit.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -119,6 +120,11 @@ main(int argc, char *argv[]) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } 
diff --git a/devel/got/files/patch-libexec_got-read-gitconfig_got-read-gitconfig.c b/devel/got/files/patch-libexec_got-read-gitconfig_got-read-gitconfig.c new file mode 100644 index 000000000000..928cbcdc5e37 --- /dev/null +++ b/devel/got/files/patch-libexec_got-read-gitconfig_got-read-gitconfig.c @@ -0,0 +1,22 @@ +--- libexec/got-read-gitconfig/got-read-gitconfig.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-gitconfig/got-read-gitconfig.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -329,6 +330,11 @@ main(int argc, char *argv[]) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } diff --git a/devel/got/files/patch-libexec_got-read-gotconfig_got-read-gotconfig.c b/devel/got/files/patch-libexec_got-read-gotconfig_got-read-gotconfig.c new file mode 100644 index 000000000000..2c783637b615 --- /dev/null +++ b/devel/got/files/patch-libexec_got-read-gotconfig_got-read-gotconfig.c @@ -0,0 +1,22 @@ +--- libexec/got-read-gotconfig/got-read-gotconfig.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-gotconfig/got-read-gotconfig.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -494,6 +495,11 @@ main(int argc, char *argv[]) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } 
diff --git a/devel/got/files/patch-libexec_got-read-object_got-read-object.c b/devel/got/files/patch-libexec_got-read-object_got-read-object.c new file mode 100644 index 000000000000..718e58514479 --- /dev/null +++ b/devel/got/files/patch-libexec_got-read-object_got-read-object.c @@ -0,0 +1,22 @@ +--- libexec/got-read-object/got-read-object.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-object/got-read-object.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -140,6 +141,11 @@ main(int argc, char *argv[]) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } diff --git a/devel/got/files/patch-libexec_got-read-pack_got-read-pack.c b/devel/got/files/patch-libexec_got-read-pack_got-read-pack.c new file mode 100644 index 000000000000..89bde218d824 --- /dev/null +++ b/devel/got/files/patch-libexec_got-read-pack_got-read-pack.c @@ -0,0 +1,22 @@ +--- libexec/got-read-pack/got-read-pack.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-pack/got-read-pack.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -1646,6 +1647,11 @@ main(int argc, char *argv[]) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } 
diff --git a/devel/got/files/patch-libexec_got-read-patch_got-read-patch.c b/devel/got/files/patch-libexec_got-read-patch_got-read-patch.c new file mode 100644 index 000000000000..bc70e9c4f84b --- /dev/null +++ b/devel/got/files/patch-libexec_got-read-patch_got-read-patch.c @@ -0,0 +1,22 @@ +--- libexec/got-read-patch/got-read-patch.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-patch/got-read-patch.c +@@ -35,6 +35,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -487,6 +488,11 @@ main(int argc, char **argv) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } diff --git a/devel/got/files/patch-libexec_got-read-tag_got-read-tag.c b/devel/got/files/patch-libexec_got-read-tag_got-read-tag.c new file mode 100644 index 000000000000..1c34d63847f5 --- /dev/null +++ b/devel/got/files/patch-libexec_got-read-tag_got-read-tag.c @@ -0,0 +1,22 @@ +--- libexec/got-read-tag/got-read-tag.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-tag/got-read-tag.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -114,6 +115,11 @@ main(int argc, char *argv[]) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } diff --git a/devel/got/files/patch-libexec_got-read-tree_got-read-tree.c b/devel/got/files/patch-libexec_got-read-tree_got-read-tree.c new file mode 100644 index 000000000000..13a2bf0d34e5 --- /dev/null 
+++ b/devel/got/files/patch-libexec_got-read-tree_got-read-tree.c @@ -0,0 +1,22 @@ +--- libexec/got-read-tree/got-read-tree.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-read-tree/got-read-tree.c +@@ -14,6 +14,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -113,6 +114,11 @@ main(int argc, char *argv[]) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + } diff --git a/devel/got/files/patch-libexec_got-send-pack_got-send-pack.c b/devel/got/files/patch-libexec_got-send-pack_got-send-pack.c new file mode 100644 index 000000000000..9c7707566103 --- /dev/null +++ b/devel/got/files/patch-libexec_got-send-pack_got-send-pack.c @@ -0,0 +1,22 @@ +--- libexec/got-send-pack/got-send-pack.c.orig 2022-06-19 18:47:42 UTC ++++ libexec/got-send-pack/got-send-pack.c +@@ -15,6 +15,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++#include + #include + #include + #include +@@ -595,6 +596,11 @@ main(int argc, char **argv) + /* revoke access to most system calls */ + if (pledge("stdio recvfd", NULL) == -1) { + err = got_error_from_errno("pledge"); ++ got_privsep_send_error(&ibuf, err); ++ return 1; ++ } ++ if (cap_enter() == -1) { ++ err = got_error_from_errno("cap_enter"); + got_privsep_send_error(&ibuf, err); + return 1; + }
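
Review bot: in libexec/got-fetch-pack/got-fetch-pack.c main() (@@ -799,6 +800,11 @@), `if (cap_enter() == -1)` treats every failure as fatal, so on a kernel without Capsicum support (errno ENOSYS) the helper sends an error and exits instead of running. If that fail-closed behaviour is not intended, use caph_enter() from <capsicum_helpers.h>, which ignores ENOSYS, or check errno before calling got_privsep_send_error(). The hunk is repeated unchanged in the other eleven libexec helpers, so the same applies there.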
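
Review bot: in libexec/got-read-pack/got-read-pack.c main() (@@ -1646,6 +1647,11 @@), cap_enter() is the only restriction added, which leaves full rights on the descriptors the helper already holds and on those it later receives under "recvfd". Consider limiting the descriptor behind ibuf with cap_rights_limit(2) before entering capability mode, and having the parent limit descriptors before passing them, so a compromised helper cannot use them for more than the read or write it needs.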