openbsd_privdrop.py 0.1.2: add fattr to pledge_promises

oxzi · flashcode · commit e29e77698904 · 2024-08-19T13:41:08.000+02:00
Since WeeChat 4.3.0, the return value of chmod is being checked[0]. This revealed a too strict pledge promise, missing fattr. As an additional change, the level of documentation was increased, including a remainder why read permissions on /home are necessary. [0]: weechat/weechat@2423fdb#diff-b08b83cf9b86fa0f5c4ca579554a7ba593a892fd143526210844a05701e57058
diff --git a/python/openbsd_privdrop.py b/python/openbsd_privdrop.py
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Alvar Penning <post@0x21.biz>
+# Copyright (c) 2022, 2024 Alvar Penning <post@0x21.biz>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -27,9 +27,17 @@
 #
 # - https://man.openbsd.org/pledge.2
 # - https://man.openbsd.org/unveil.2
+#
+# The config options for the SETTINGS below are:
+# - plugins.var.python.openbsd_privdrop.pledge_promises
+# - plugins.var.python.openbsd_privdrop.pledge_execpromises
+# - plugins.var.python.openbsd_privdrop.unveil
 
 # History:
 #
+# 2024-08-19, Alvar Penning <post@0x21.biz>
+#   version 0.1.2: add fattr to pledge_promises and a bit more documentation
+#
 # 2022-11-09, Alvar Penning <post@0x21.biz>
 #   version 0.1.1: sane defaults for unveil
 #
@@ -45,13 +53,13 @@
 
 SCRIPT_NAME    = "openbsd_privdrop"
 SCRIPT_AUTHOR  = "Alvar Penning <post@0x21.biz>"
-SCRIPT_VERSION = "0.1.1"
+SCRIPT_VERSION = "0.1.2"
 SCRIPT_LICENSE = "ISC"
 SCRIPT_DESC    = "Drop WeeChat's privileges through OpenBSD's pledge(2) and unveil(2)."
 
 SETTINGS = {
         "pledge_promises": (
-            "stdio rpath wpath cpath dpath inet flock unix dns sendfd recvfd tty proc error",
+            "stdio rpath wpath cpath dpath inet fattr flock unix dns sendfd recvfd tty proc error",
             "List of promises for pledge(2).",
             ),
         "pledge_execpromises": (
@@ -64,7 +72,8 @@
                 # This may be tightened, especially if WeeChat is not run as a separate user.
                 "~:rwc",
                 # WeeChat `stat`s /home while building the path to /home/$USER/...
-                # Might be changed if the home directory lies somehwere else.
+                # Might be changed if the home directory lies somewhere else.
+                # This  happens by weechat_mkdir_parents calls, e.g., from logger_create_directory.
                 "/home:r",
                 # Other scripts might load some library or a third-party Python modules later.
                 "/usr/local/lib:r",
