Chromium: now with OpenBSD pledge(2)

Contributed by tj on 2016-01-07 from the now-even-shinier dept.

Robert Nagy (robert@) has integrated quite a few patches to the OpenBSD port of the Chromium browser since its addition to the tree, but the latest one is quite significant. In his recent commit, pledge(2) support has been added.

CVSROOT:	/cvs
Module name:	ports
Changes by:	robert@cvs.openbsd.org	2016/01/06 14:46:44

Modified files:
	www/chromium   : Makefile 
	www/chromium/patches: patch-base_sys_info_openbsd_cc 
	                      patch-content_content_common_gypi 
	                      patch-content_gpu_gpu_main_cc 
	                      patch-content_renderer_renderer_main_platform_delegate_linux_cc 
Added files:
	www/chromium/patches: 
	                      patch-content_common_sandbox_init_openbsd_cc 
	                      patch-content_common_sandbox_init_openbsd_h 
	                      patch-content_ppapi_plugin_ppapi_thread_cc 
	                      patch-content_renderer_renderer_main_cc 
	                      patch-content_utility_utility_main_cc 
	                      patch-device_battery_battery_gyp 

Log message:
pledge(2) the chromium processes;

The renderer, gpu, plugin and utility processes are now using pledge(2)
Unfortunately the GPU process only requires an rpath pledge because of
Mesa trying to parse two configuration files, /etc/drirc and ${HOME}/.drirc
So currently the GPU process will use an rpath pledge in the next
week or so so that people can test, but this situation has to be
resolved because it is not acceptable that a mostly unused configuration
file is being parsed from a library and that stops us from using less
pledges and thus disallowing the GPU process to have read access
to the filsystem ... like your ssh keys.

Chromium is one of the first bigger ports to receive the pledge treatment, following some compression tools a few months ago. Note that you will need a recent kernel for this to work. Stay tuned for further improvements in this space!

UPDATE: the rpath pledge has been removed.

(Comments are closed)

By Anonymous Coward () on 2016-01-11 03:53

Was this accapted upstream or is this a personal effort of the Project (aka: People need to maintain it permanently..).

I ask because it would change some concepts.
1. By Theo de Raadt () on 2016-01-11 07:03
  
  > Was this accapted upstream or is this a personal effort of the Project (aka: People need to maintain it permanently..).
  >
  > I ask because it would change some concepts.
  
  The patch places tiny pledge calls at the intended locations in the Chrome sandbox model. There probably is no technical reason against upstreaming it. I get the feeling you didn't read the patch.

Latest Articles

Fri, Aug 24
- 14:55 OpenBSD Foundation gets first 2018 Iridium donation! (1)
- 02:49 Disable SMT/Hyperthreading in all Intel BIOSes (3)
Tue, Aug 21
- 19:19 Fix for L1TF issue in Intel CPUs committed (0)
Wed, Aug 15
- 07:04 Theo on the latest Intel issues (4)
Tue, Aug 14
- 08:04 Video of Interactive OpenBSD Porting Workshop (1)
Mon, Aug 13
- 13:39 arm64 gains RETGUARD (0)
Sun, Aug 12
- 10:04 Happy Bob's Libtls tutorial (0)
Fri, Aug 10
- 13:12 mandoc-1.14.4 released (0)
- 07:54 X11 on really small devices (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]