It ships with setuid-root permissions just to mlockall(2) before dropping
privileges; no idea what's going on with Linux, but on OpenBSD this syscall
does not need root, so replace their whole dance with a single #ifdef'd
mlockall() and ship the program default permissions.
I don't use this, but consider upstream's "secure" default actively insecure
and would like to stop packaging one setuid-root program less in our tree.
Feedback? Objection? OK?
Regardless of this, gringotts is already partially broken for me, but
perhaps it still works fine for some users?
Sometimes it segfaults on start, somtimes it starts, but then displays
rectangles instead of letters everywhere:
$ Gringotts версия 1.2.10 (libGringotts 1.2.1)
© 2002 Germano Rizzo <[email protected]>
выпущено под GNU General Public License (GPL) v.2 или более поздней
Смотрите COPYING или http://www.gnu.org/copyleft/gpl.html
(gringotts:86459): Pango-WARNING **: 13:14:44.848: failed to create
cairo scaled font, expect ugly output. the offending font is 'Iosevka
9.9990234375'
(gringotts:86459): Pango-WARNING **: 13:14:44.848: font_face status is:
<unknown error status>
(gringotts:86459): Pango-WARNING **: 13:14:44.848: scaled_font status
is: out of memory
[these two repeat a few times]
(Uninstalling the isoveka fonts makes gringotts show actual text, but then
my Xfce desktop environment shows rectangles instead of letters...)
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/gringotts/Makefile,v
diff -u -p -r1.23 Makefile
--- Makefile 27 Sep 2023 16:34:31 -0000 1.23
+++ Makefile 18 Nov 2023 12:15:33 -0000
@@ -1,7 +1,7 @@
COMMENT= GTK+2 secure notes manager
DISTNAME= gringotts-1.2.10
-REVISION= 4
+REVISION= 5
CATEGORIES= security
MAINTAINER= Pierre-Emmanuel Andre <[email protected]>
@@ -27,5 +27,9 @@ CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/
CONFIGURE_ARGS= --disable-env-check \
--enable-root-filter \
--enable-attach-limit
+
+post-install:
+ # mlockall(2) does not need root privileges
+ chmod -s ${PREFIX}/bin/gringotts
.include <bsd.port.mk>
Index: patches/patch-src_grg_safe_c
===================================================================
RCS file: patches/patch-src_grg_safe_c
diff -N patches/patch-src_grg_safe_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_grg_safe_c 13 Nov 2023 12:36:25 -0000
@@ -0,0 +1,27 @@
+Skip all setuid(2) code to avoid u+s permissions, mlockall(2) still works
+
+Index: src/grg_safe.c
+--- src/grg_safe.c.orig
++++ src/grg_safe.c
+@@ -95,6 +95,13 @@ static gboolean grg_kver_ge (int a, int b, int c) {
+ gboolean
+ grg_mlockall_and_drop_root_privileges(void)
+ {
++#ifdef __OpenBSD__
++ if (mlockall(MCL_CURRENT | MCL_FUTURE) == -1) {
++ g_critical(_("mlockall: %s"), strerror(errno));
++ return FALSE;
++ }
++ return TRUE;
++#else
+ /* drop eventual group root privileges */
+ setgid(getgid());
+ setgid(getgid()); /* twice for counter "saved IDs", cfr. */
+@@ -181,6 +188,7 @@ grg_mlockall_and_drop_root_privileges(void)
+ }
+
+ return TRUE;
++#endif /* __OpenBSD__ */
+ }
+
+ static void
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/gringotts/pkg/PLIST,v
diff -u -p -r1.3 PLIST
--- pkg/PLIST 11 Mar 2022 19:53:26 -0000 1.3
+++ pkg/PLIST 13 Nov 2023 12:41:13 -0000
@@ -1,6 +1,4 @@
-@mode 4555
@bin bin/gringotts
-@mode
share/doc/gringotts/
share/doc/gringotts/FAQ
share/doc/gringotts/README
