From: Tobias Heider
Subject: Re: kern_pledge, allow sysctl hw.model & hw.cpuspeed
To: Fabien Romano
Cc: tech@openbsd.org
Date: Thu, 20 Jun 2024 22:03:01 +0200

On Thu, Jun 20, 2024 at 08:50:21PM +0100, Fabien Romano wrote:
> I would like to sandbox my electron (chromium based) stuff but many nodejs
> modules around use something like :
> var CPU_COUNT = Math.max(os.cpus().length, 1);
>
> That's really sad there is no proper os.ncpu() implementation.
> Furthermore, those modules come from a package manager (npm, yarn, pnpm) so it's
> very painful to patch everything again and again.
>
> The problem is os.cpus() needs hw.model & hw.cpuspeed but both are not available
> under pledge(). I can consider patching node itself but I have no idea what to
> use instead of those sysctl and even if I do there may be some modules in the
> wild which use the data and not only the length (who knows ... maybe someone uses
> os.cpus() for what it is).
>
> I think my justification isn't very good as there are only two softwares
> (furthermore, wip only) which need it (atm). Anyway I would like to know if this
> can be considered in the future or maybe right now.
>
> Is it an issue to allow those two sysctl ?
>
> My work on sandboxing is still in early stage ... while there, I also encountered
> a mlock(2) in signal-desktop/better-sqlite/sqlcipher. From my understanding this
> syscall is about wiring pages and not about concurrencies. I guess this is for
> performance reasons so I disabled the feature at compilation time.
> Am I wrong ?

Those properties will not change at runtime so the better way to deal
with this would be reading them once at the start of the program before
any privileges are dropped and then using that value where needed
instead of softening the pledge promise.

> > > Index: kern_pledge.c > =================================================================== > RCS file: /cvs/src/sys/kern/kern_pledge.c,v > diff -u -p -r1.316 kern_pledge.c > --- kern_pledge.c 3 Jun 2024 03:41:47 -0000 1.316 > +++ kern_pledge.c 19 Jun 2024 21:48:15 -0000 > @@ -966,11 +966,13 @@ pledge_sysctl(struct proc *p, int miblen > case CTL_HW: > switch (mib[1]) { > case HW_MACHINE: /* uname() */ > case HW_PAGESIZE: /* getpagesize() */ > case HW_PHYSMEM64: /* hw.physmem */ > case HW_NCPU: /* hw.ncpu */ > case HW_NCPUONLINE: /* hw.ncpuonline */ > case HW_USERMEM64: /* hw.usermem */ > + case HW_MODEL: /* hw.model */ > + case HW_CPUSPEED: /* hw.cpuspeed */ > return (0); > } > break; >
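
Review bot: In the CTL_HW switch, the existing HW_NCPU and HW_NCPUONLINE cases already let a pledged process obtain the CPU count, which is all the quoted Math.max(os.cpus().length, 1) pattern uses, while the added HW_MODEL and HW_CPUSPEED cases share the same return (0) as the existing entries and so are permitted for every program that reaches this switch, not only the two ports that motivated the change. Since neither value changes at runtime, I would drop both cases and have the caller read hw.model and hw.cpuspeed before it pledges. If they are kept, the comments should name the consumer, as the neighbouring /* uname() */ and /* getpagesize() */ comments do, rather than repeating the sysctl name.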
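
One way to apply the "read once before privileges are dropped" advice from the reply to the os.cpus() callers mentioned in the quoted mail. This is an added sketch, not code from the thread, node or OpenBSD: freezeCpuInfo, makeFakeOs and demo are hypothetical names, and the fake os object and its values are constructed for the demo.

```javascript
'use strict';

// Snapshot osModule.cpus() once and serve copies of that snapshot afterwards.
// Call this before the sandbox is entered and before other modules load, since
// code that already captured a reference to the original cpus() bypasses it.
function freezeCpuInfo(osModule) {
  const original = osModule.cpus;
  const snapshot = original.call(osModule).map((cpu) => ({
    model: cpu.model,
    speed: cpu.speed,
    times: { ...cpu.times }, // frozen at startup; no longer live counters
  }));
  // Return fresh copies so one caller cannot corrupt the data for the next.
  osModule.cpus = () => snapshot.map((cpu) => ({ ...cpu, times: { ...cpu.times } }));
  return snapshot.length;
}

// Constructed stand-in for node's os module (hypothetical, for the demo only):
// cpus() throws once `sandboxed` is set, simulating the lookup being denied.
function makeFakeOs() {
  const fake = {
    sandboxed: false,
    cpus() {
      if (fake.sandboxed) throw new Error('hw.model not permitted');
      const times = { user: 1, nice: 0, sys: 1, idle: 9, irq: 0 };
      return [
        { model: 'Constructed CPU', speed: 2400, times: { ...times } },
        { model: 'Constructed CPU', speed: 2400, times: { ...times } },
      ];
    },
  };
  return fake;
}

function demo() {
  const fakeOs = makeFakeOs();
  freezeCpuInfo(fakeOs);   // real program: freezeCpuInfo(require('node:os'))
  fakeOs.sandboxed = true; // stands in for the point where pledge takes effect
  // The pattern quoted in the mail, now served from the snapshot:
  return Math.max(fakeOs.cpus().length, 1);
}

console.log(demo());
```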