fix(feuille.c): remove pledge stages 1 and 3

Stage 1 was causing issues with the chroot syscall, and, since stage
3 was causing more harm than security in terms of readability, I also
removed it.
Tom MTT. 2022-11-21 14:40:51 +01:00
parent 8f75f88950
commit 601f8e4c24
2 changed files with 2 additions and 195 deletions

183
feuille.1

@ -1,183 +0,0 @@
.\" Automatically generated by Pandoc 2.17.1.1
.\"
.\" Define V font for inline verbatim, using C font in formats
.\" that render this, and otherwise B font.
.ie "\f[CB]x\f[]"x" \{\
. ftr V B
. ftr VI BI
. ftr VB B
. ftr VBI BI
.\}
.el \{\
. ftr V CR
. ftr VI CI
. ftr VB CB
. ftr VBI CBI
.\}
.TH "FEUILLE" "1" "November 2022" "feuille 0.1.0" ""
.hy
.SH NAME
.PP
\f[B]feuille\f[R] - socket-based pastebin
.SH SYNOPSYS
.PP
\f[B]feuille\f[R] [-abfhiopstuUvVw]
.SH DESCRIPTION
.PP
\f[B]feuille\f[R] is a fast, dead-simple socket-based pastebin that
allows a user to send text, logs or code to your server.
It focuses on speed, code quality, and security.
.SH OPTIONS
.TP
\f[B]-a address\f[R]
Sets the address that \f[B]feuille\f[R] will listen on.
If set to \f[V]*\f[R], \f[B]feuille\f[R] will listen on the IPv6 address
\f[V]::\f[R] and enable dual-stack mode, which makes \f[B]feuille\f[R]
listen on both IPv4 and IPv6 addresses (won\[cq]t work on OpenBSD).
Default: \f[V]0.0.0.0\f[R]
.TP
\f[B]-b bytes\f[R]
Sets the buffer size (in bytes) used to receive data from a client.
A smaller buffer means more memory allocations and exchanges with the
connection, while a larger buffer induces less memory allocations but
more loss if not filled completely.
The difference is minimal, no need to worry about it.
Default: \f[V]131072\f[R]B (128KiB)
.TP
\f[B]-f\f[R]
Makes \f[B]feuille\f[R] run in the forground.
Default: runs in the background
.TP
\f[B]-h\f[R]
Displays **feuille*\[cq]s help page.
.TP
\f[B]-i length\f[R]
Sets the minimum ID length in characters.
If a paste with the same ID exists, the length will be increased (for
that paste only).
Default: \f[V]4\f[R] (Maximum: \f[V]254\f[R])
.TP
\f[B]-p port\f[R]
Sets the port that \f[B]feuille\f[R] will listen on.
Default: \f[V]8888\f[R]
.TP
\f[B]-o path\f[R]
Sets the path where \f[B]feuille\f[R] will output the pastes (and
chroot, if possible).
Default: \f[V]/var/www/htdocs/feuille\f[R]
.TP
\f[B]-s bytes\f[R]
Sets the maximum size for every paste (in bytes).
Default: 2097152B (2MiB)
.TP
\f[B]-t seconds\f[R]
Sets the timeout for the client to send the paste (in seconds).
If set to zero, no timeout is set.
(Not recommended.)
Default: \f[V]4\f[R]s
.TP
\f[B]-u\f[R]
Sets the user that will be used when dropping root privileges.
\f[B]Warning\f[R]: requires root privileges.
Default: \f[V]www\f[R]
.TP
\f[B]-U\f[R]
Sets the base URL which will be prepended to the ID and sent to the
client.
You do not need to put a slash at the end.
Default: \f[V]https://my.paste.bin\f[R]
.TP
\f[B]-v\f[R]
Enables verbose mode.
.TP
\f[B]-V\f[R]
Displays \f[B]feuille\f[R]\[cq]s version and authors.
.TP
\f[B]-w\f[R]
Sets the number of processes that will be spawned to handle the
connections.
Those are \f[I]real\f[R] processes, not green / posix threads, you might
not want to set this to a huge number.
Default: the number of threads configured on your machine.
.SH EXAMPLES
.TP
\f[B]sudo feuille\f[R]
Runs feuille in the background, chrooting into
\f[V]/var/www/htdocs/feuille\f[R], dropping root privileges and spawning
worker processes to accept incoming connections.
.TP
\f[B]feuille -p 1337\f[R]
Runs feuille in the background \f[I]without\f[R] root privileges on port
\f[V]1337\f[R].
\f[B]feuille\f[R] won\[cq]t be able to chroot or switch to another user,
and might not be able to write to the default output folder.
.TP
\f[B]feuille -P ./pastebins/\f[R]
Same as before, but this time with a different path:
\f[V]./pastebins/\f[R].
If the folder doesn\[cq]t exist, it is created with the right
permissions.
.TP
\f[B]sudo feuille -U \[lq]https://bin.heimdall.pm\[rq]\f[R]
Runs feuille and sets the base address to
\f[V]https://bin.heimdall.pm\f[R].
.TP
\f[B]sudo feuille -w 1\f[R]
Runs feuille \[lq]single-threaded\[rq].
(Actually, there\[cq]s a main thread that does nothing and a thread that
does the actual work.)
.TP
\f[B]sudo feuille -fvP debug_pastes/\f[R]
Runs feuille in the foreground, with verbose mode enabled, and makes it
output its pastes to the \f[V]debug_pastes/\f[R] folder.
Useful for debugging purposes.
.TP
\f[B]sudo feuille -u nobody\f[R]
Runs feuille using the user \f[V]nobody\f[R], instead of user
\f[V]www\f[R].
.TP
\f[B]sudo feuille -s 8388608\f[R]
Runs feuille with a maximum file size of 8388608 bytes (8MiB).
.TP
\f[B]sudo feuille -t 2\f[R]
Runs feuille with a timeout of 2 seconds.
.SH LOGS
.PP
By default, \f[B]feuille\f[R] runs in the background.
The logs should be located at \f[V]/var/log/messages\f[R], if using a
standard syslog daemon.
\f[B]feuille\f[R] doesn\[cq]t log much, be ready to use the verbose mode
for debugging purposes.
.SH EXIT VALUES
.TP
\f[B]0\f[R]
Success
.TP
\f[B]1\f[R]
Unspecified error
.TP
\f[B]34\f[R]
Specified number is out of range
.TP
\f[B]Other\f[R]
Error has been set by a C function
.SH BUGS
.PP
IPs aren\[cq]t logged.
It\[cq]s not a bug, it\[cq]s a feature.
.PP
Apart from that, none at the moment, as far as I know.
.SH COPYRIGHT
.PP
Copyright \[co] 2022 Tom MTT.
<tom@heimdall.pm> This program is free software, licensed under the
3-Clause BSD License.
See LICENSE for more information.
.SH APPENDICES
.PP
Heavily inspired by fiche (https://github.com/solusipse/fiche).
.PP
I entirely \[lq]rewrote\[rq] fiche from scratch because I wasn\[cq]t
happy with some of its features and its overall code quality.
.SH AUTHORS
Tom MTT. <tom@heimdall.pm>.
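Review bot: the commit message covers only the pledge changes in feuille.c, yet all 183 lines of feuille.1 are deleted here with no explanation. The file header says it is generated by Pandoc, so removing a build artifact from the tree may be intended; if so, state that in the message or move the deletion to its own commit, and confirm the man page is still produced from its source at build time.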


@ -83,11 +83,6 @@ void version(void)
*/ */
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
/* pledge stage 1 */
#ifdef __OpenBSD__
pledge("stdio rpath wpath cpath inet chown getpw proc id", "stdio wpath inet");
#endif
/* locale */ /* locale */
setlocale(LC_ALL, ""); setlocale(LC_ALL, "");
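Review bot: with the stage 1 call gone from the top of main, nothing restricts the process on OpenBSD until the pledge call in the next hunk (around line 292), so option parsing and the rest of startup run unpledged. The commit message gives the chroot syscall as the reason; a short comment at this spot saying that the first pledge is deliberately deferred until after chroot would keep someone from re-adding an early call and hitting the same failure.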
@ -297,9 +292,9 @@ int main(int argc, char *argv[])
freopen("/dev/null", "w", stderr); freopen("/dev/null", "w", stderr);
} }
/* pledge stage 2 */ /* OpenBSD-only security measures */
#ifdef __OpenBSD__ #ifdef __OpenBSD__
pledge("stdio proc inet", NULL); pledge("stdio proc inet", "stdio wpath inet");
#endif #endif
/* create a thread pool for incoming connections */ /* create a thread pool for incoming connections */
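Review bot: the new second argument in pledge("stdio proc inet", "stdio wpath inet") is the execpromises set, which applies only to a program started through execve; forked workers inherit the first set, and because that set has no exec promise the second argument can never take effect. If the workers need wpath to write pastes, it has to be in the first argument (or the files must be opened before this call); otherwise keep NULL so the call does not suggest a restriction that is not applied. The return value is also unchecked, so a failed pledge goes unnoticed; test for -1 and call die as the surrounding code does for other errors.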
@ -384,11 +379,6 @@ int main(int argc, char *argv[])
die(errno, "Could not initialize worker n. %d: %s\n", i, strerror(errno)); die(errno, "Could not initialize worker n. %d: %s\n", i, strerror(errno));
} }
/* pledge stage 3 */
#ifdef __OpenBSD__
pledge("stdio", NULL);
#endif
sleep(1); sleep(1);
verbose(1, "all workers have been initialized."); verbose(1, "all workers have been initialized.");
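Review bot: dropping the stage 3 call after the worker loop leaves the parent holding the proc and inet promises from the earlier pledge for the rest of its life, where the deleted pledge("stdio", NULL) reduced it to stdio once every worker was initialized. The commit message cites readability rather than a functional problem, so consider keeping the restriction as a single commented call or behind a small helper instead of removing it.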