From 40ae8f5fa67cb7ec529f9fea5816fb8804c9bba8 Mon Sep 17 00:00:00 2001 From: Edward Tomasz Napierala Date: Sat, 7 Oct 2017 03:28:02 +0100 Subject: [PATCH 1/6] Limit capsicum rights to stdio. This requires FreeBSD fix (https://reviews.freebsd.org/D12622) to work properly. --- src/core/capsicum.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/core/capsicum.c b/src/core/capsicum.c index 3b0708cb..1c5c59da 100644 --- a/src/core/capsicum.c +++ b/src/core/capsicum.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #define OPCODE_CONNECT 1 @@ -410,6 +411,13 @@ static void cmd_capsicum_enter(void) */ signal(SIGCHLD, SIG_IGN); + error = caph_limit_stdio(); + if (error != 0) { + g_warning("caph_limit_stdio(3) failed: %s", strerror(errno)); + signal_emit("capability mode failed", 1, strerror(errno)); + return; + } + error = cap_enter(); if (error != 0) { signal_emit("capability mode failed", 1, strerror(errno)); From 17b195021dc35b95b24c1cce6f2e891e0e6b85ec Mon Sep 17 00:00:00 2001 From: Edward Tomasz Napierala Date: Wed, 11 Oct 2017 14:34:38 +0100 Subject: [PATCH 2/6] Bump default capsicum_port_max to 9999. This is needed for servers like ssl.efnet.org, which, per default config, listen on 9999. --- src/core/capsicum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/capsicum.c b/src/core/capsicum.c index 1c5c59da..945d3197 100644 --- a/src/core/capsicum.c +++ b/src/core/capsicum.c @@ -452,7 +452,7 @@ void capsicum_init(void) settings_add_bool("misc", "capsicum", FALSE); settings_add_str("misc", "capsicum_irclogs_path", "~/irclogs"); settings_add_int("misc", "capsicum_port_min", 6667); - settings_add_int("misc", "capsicum_port_max", 6697); + settings_add_int("misc", "capsicum_port_max", 9999); signal_add("irssi init finished", (SIGNAL_FUNC) sig_init_finished); From 1e66cbd62e231f8ae47589cf4f1c0c6c62bb7ca8 Mon Sep 17 00:00:00 2001 
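Review bot: In the `caph_limit_stdio()` failure branch of PATCH 1/6, `errno` is read a second time after `g_warning()` has already run, so the string handed to `signal_emit("capability mode failed", ...)` may no longer describe the original failure. Logging can itself make library calls that overwrite errno. Capture it once, `int saved_errno = errno;`, and pass `strerror(saved_errno)` to both calls. The same pattern is more pronounced in the second hunk of PATCH 3/6, where `limit_stdio_fd()` warns internally and `cmd_capsicum_enter()` reads errno only after the helper has returned. The body of cmd_capsicum_enter starts and ends outside this hunk.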
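Review bot: The new default at `settings_add_int("misc", "capsicum_port_max", 9999)` widens the port window from 31 ports (6667-6697) to 3,333 (6667-9999), with nothing in the code or docs recording the trade-off. If, as the setting names suggest, this range bounds the connections the sandboxed process may request, every Capsicum user gets a looser default that also covers ports commonly used by non-IRC services, just to accommodate servers listening on 9999. Consider keeping the narrow default and documenting in docs/capsicum.txt how to raise `capsicum_port_max`. Failing that, add a comment above the line such as `/* 9999 is the default SSL port on some networks; note this widens the range reachable from capability mode. */`. The body of capsicum_init continues outside this hunk.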
From: Edward Tomasz Napierala Date: Wed, 11 Oct 2017 23:13:06 +0100 Subject: [PATCH 3/6] Improve Capsicum stdio limits to fix terminal state on exit. --- src/core/capsicum.c | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/src/core/capsicum.c b/src/core/capsicum.c index 945d3197..5f2556ab 100644 --- a/src/core/capsicum.c +++ b/src/core/capsicum.c @@ -360,6 +360,38 @@ static void cmd_capsicum(const char *data, SERVER_REC *server, void *item) command_runsub("capsicum", data, server, item); } +/* + * The main difference between this and caph_limit_stdio(3) is that this + * one permits TIOCSETAW, which is requred for restoring the terminal state + * on exit. + */ +static int +limit_stdio_fd(int fd) +{ + cap_rights_t rights; + unsigned long cmds[] = { TIOCGETA, TIOCGWINSZ, TIOCSETAW, FIODTYPE }; + + cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT, CAP_FCNTL, + CAP_FSTAT, CAP_IOCTL, CAP_SEEK); + + if (cap_rights_limit(fd, &rights) < 0) { + g_warning("cap_rights_limit(3) failed: %s", strerror(errno)); + return (-1); + } + + if (cap_ioctls_limit(fd, cmds, nitems(cmds)) < 0) { + g_warning("cap_ioctls_limit(3) failed: %s", strerror(errno)); + return (-1); + } + + if (cap_fcntls_limit(fd, CAP_FCNTL_GETFL) < 0) { + g_warning("cap_fcntls_limit(3) failed: %s", strerror(errno)); + return (-1); + } + + return (0); +} + static void cmd_capsicum_enter(void) { u_int mode; @@ -411,9 +443,9 @@ static void cmd_capsicum_enter(void) */ signal(SIGCHLD, SIG_IGN); - error = caph_limit_stdio(); - if (error != 0) { - g_warning("caph_limit_stdio(3) failed: %s", strerror(errno)); + if (limit_stdio_fd(STDIN_FILENO) != 0 || + limit_stdio_fd(STDOUT_FILENO) != 0 || + limit_stdio_fd(STDERR_FILENO) != 0) { signal_emit("capability mode failed", 1, strerror(errno)); return; } From 5c0b4aeb0572827877654b65bb05fb7b37a3117a Mon Sep 17 00:00:00 2001 
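Review bot: The header comment on `limit_stdio_fd()` names TIOCSETAW as the main difference from caph_limit_stdio(3), but the helper also grants both `CAP_READ` and `CAP_WRITE` to every descriptor it is called on. After the limit, stdin stays writable and stdout/stderr stay readable. As far as I recall, the libc helper grants only the direction each stream needs, so this is a second, undocumented widening. If the uniform rights are deliberate, extend the comment, for example `/* Also grants CAP_READ and CAP_WRITE on all three descriptors, and TIOCSETAW lets the sandboxed process change terminal attributes. */`. Otherwise pass the required direction in from the caller. The comment also has a typo, `requred` for `required`.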
From: Edward Tomasz Napierala Date: Wed, 11 Oct 2017 23:31:26 +0100 Subject: [PATCH 4/6] Sort Capsicum headers. --- src/core/capsicum.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/core/capsicum.c b/src/core/capsicum.c index 5f2556ab..5647a302 100644 --- a/src/core/capsicum.c +++ b/src/core/capsicum.c @@ -32,13 +32,14 @@ #include "settings.h" #include "signals.h" -#include +#include #include +#include #include #include #include -#include #include +#include #define OPCODE_CONNECT 1 #define OPCODE_GETHOSTBYNAME 2 From 9895e7b28a3767bbe4430cbffd3662b4ef92b37f Mon Sep 17 00:00:00 2001 From: Edward Tomasz Napierala Date: Wed, 11 Oct 2017 23:52:36 +0100 Subject: [PATCH 5/6] Silence down a warning that would appear on "/away" in Capability mode. --- src/core/capsicum.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/core/capsicum.c b/src/core/capsicum.c index 5647a302..568b5542 100644 --- a/src/core/capsicum.c +++ b/src/core/capsicum.c @@ -183,6 +183,10 @@ void capsicum_mkdir_with_parents(const char *path, int mode) char *component, *copy, *tofree; int error, fd, newfd; + /* The directory already exists, nothing to do. */ + if (strcmp(path, irclogs_path) == 0) + return; + /* +1 is for the slash separating irclogs_path and the rest. */ if (strlen(path) <= irclogs_path_len + 1 || path[irclogs_path_len] != '/' || From 711b2d7df7da4a3010214909ed1b260c55f6befa Mon Sep 17 00:00:00 2001 From: Edward Tomasz Napierala Date: Wed, 11 Oct 2017 23:53:41 +0100 Subject: [PATCH 6/6] Document that one needs to change the awaylog_file path for "/away" to work with Capsicum. --- docs/capsicum.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/capsicum.txt b/docs/capsicum.txt index 3093bfe5..a3a1b8a7 100644 --- a/docs/capsicum.txt +++ b/docs/capsicum.txt 
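Review bot: The early return added to `capsicum_mkdir_with_parents()` matches only a byte-identical path. `irclogs_path` followed by a trailing slash still reaches the `strlen(path) <= irclogs_path_len + 1` check below it and is presumably rejected with the warning this commit sets out to silence. If callers can pass that form, compare the `irclogs_path_len` prefix and accept an optional trailing `/` before returning. The comment could also say why the directory is known to exist, e.g. `/* irclogs_path is set up when entering capability mode, so it already exists. */`, if that is indeed where it is created. That code, and the start and end of the function, are outside this hunk.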
@@ -7,6 +7,7 @@ or the libraries it depends on. To make Irssi enter capability mode on startup, add capsicum = "yes"; +awaylog_file = "~/irclogs/away.log"; to your ~/.irssi/config and restart the client. Alternatively you can enter it "by hand", using the "/capsicum enter" command. From the security