From: "Kristof Provost"
To: rgrimes@freebsd.org
Cc: "Andrey V. Elsukov", "Mateusz Guzik", src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: Re: svn commit: r345760 - in head: contrib/pf sys/netpfil/pf sbin/pfctl
In-Reply-To: <201904011348.x31Dm86D015297@gndrsh.dnsmgr.net>
Date: Tue, 03 Sep 2019 14:06:06 -0000
X-Original-Date: Mon, 01 Apr 2019 18:16:51 +0200

On 1 Apr 2019, at 15:48, Rodney W. Grimes wrote:
> [ Charset UTF-8 unsupported, converting... ]
>> On 01.04.2019 16:30, Rodney W. Grimes wrote:
>> It seems it is too late:
>> https://marc.info/?l=openbsd-tech&m=155409489427092&w=2
>
> I am wondering on the above as it has a date of:
> Date: 2019-04-01 5:01:03
>
> which would be in line with Kristof's joke.
>
Yes, OpenBSD are clearly joking as well.

>> http://mail-index.netbsd.org/tech-kern/2019/03/29/msg024883.html
> This is inline with what is being proposed here, NetBSD has
> old rotted code that needs updated.

[Disclaimer: I do not speak for NetBSD, and based this on my reading of that thread]

NetBSD however are serious. Their situation is slightly different, in that their primary reason is that they don’t have a maintainer for their pf version and it’s suffering from significant bitrot.

Our situation is somewhat better. Our pf is maintained and does get bug fixes and improvements. Not as many as I’d like, but there’s something.

> Rather than do that work
> twice, do it 1.5 times (implementing the same technology in
> 2 OS's should be less work than doing it twice.)
>
> I believe there is grant money available from a non Foundation
> source that could be used to do this work.
>
I’m not at all opposed to updating our pf, but there are a few obstacles (technical: performance, syntax and vimage. Practical: this is a lot of work).

If people are interested in that discussion I’d propose someone start a new thread on freebsd-pf@, and I’ll expand on what I think the problems are and what needs to be done.

I’d also be interested in knowing what people are looking for from an updated pf in FreeBSD. What are the improvements in OpenBSD that you’d really like to see in FreeBSD?

Regards,
Kristof

From: Enji Cooper
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r345772 - projects/capsicum-test/contrib/capsicum-test
Message-Id: <201904011817.x31IHm8B068458@repo.freebsd.org>
Date: Tue, 03 Sep 2019 14:06:06 -0000
X-Original-Date: Mon, 1 Apr 2019 18:17:48 +0000 (UTC)

Author: ngie
Date: Mon Apr 1 18:17:48 2019
New Revision: 345772
URL: https://svnweb.freebsd.org/changeset/base/345772

Log:
  Fix build for Linux

  In order for the test to build/run, I needed to add an `Execveat` subclass of
  `Execve`, then use `TEST_F(..)` for the test in order to leverage `exec_prog_`.

  This wasn't caught previously, because FreeBSD lacks an execveat(2) call, unlike
  Linux.

Reported by: David Drysdale Pull Request: https://github.com/google/capsicum-test/pull/41 (WIP) Modified: projects/capsicum-test/contrib/capsicum-test/fexecve.cc Modified: projects/capsicum-test/contrib/capsicum-test/fexecve.cc ============================================================================== --- projects/capsicum-test/contrib/capsicum-test/fexecve.cc Mon Apr 1 18:09:26 2019 (r345771) +++ projects/capsicum-test/contrib/capsicum-test/fexecve.cc Mon Apr 1 18:17:48 2019 (r345772) @@ -167,7 +167,12 @@ FORK_TEST_F(FexecveWithScript, CapModeScriptFail) { } #ifdef HAVE_EXECVEAT -TEST(Execveat, NoUpwardTraversal) { +class Execveat : public Execve { + public: + Execveat() : Execve() {} +}; + +TEST_F(Execveat, NoUpwardTraversal) { char *abspath = realpath(exec_prog_, NULL); char cwd[1024]; getcwd(cwd, sizeof(cwd));
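
Review bot: the explicit constructor `Execveat() : Execve() {}` in the new fixture class is redundant, because the implicitly generated default constructor already invokes the base class constructor; `class Execveat : public Execve {};` is enough. A one-line comment on the class saying that it exists only so `TEST_F` can keep the `Execveat` suite name while reaching `exec_prog_` would spare the next reader from wondering why an empty subclass is there, especially since the block sits under `#ifdef HAVE_EXECVEAT` and, per the log, is not built on FreeBSD. In the context lines at the end of the hunk, the return value of `getcwd(cwd, sizeof(cwd))` is not checked in the visible lines and `cwd` is a fixed 1024-byte buffer; if the rest of the test relies on `cwd`, asserting on that return value would make a failure at that step explicit.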