- Dillo-dev - lists.mailman3.com

Unveil discussion: TO-DO list
by a1ex＠dismail.de July 30, 2024

July 30, 2024

Hi Rodrigo, Here are my initial thoughts on your review. Some of the stuff I will need help with, the rest I can probably manage on my own: On Sun, 28 Jul 2024 22:45:38 +0200 Rodrigo Arias <rodarima(a)gmail.com> wrote: > I recommend you add a configure switch (in configure.ac) to enable or > disable unveil(). By default you can keep it disabled and let the > user enable it manually, until we have more feedback to make it > enabled by default. Maybe by defining ENABLE_UNVEIL? You can take the > --enable-svg and ENABLE_SVG as an example. Ok, I think I can handle that. > You should also make a dillorc configure option to enable/disable the > unveil feature in runtime, so it can help debug problems. You can > make the dillorc option enabled by default, which will only take > action when unveil support has been compiled in. For dillo.cc that shouldn't be too hard. I would probably have more difficulties with with the plugins though. > The download directory is set in the dillorc configuration file, and > can be any other place. Is it viable to read the configuration first > and then unveil the appropriate directory? Got that partially working, but ran in to some challenges, see my earlier message. > You'll want to use the $(sysconfdir) autoconf variable: I can take a look, I didn't really consider portability at all since unveil is exclusive to OpenBSD, and will probably remain that way for some time. > As this won't be a simple patch, I suggest you open a PR in GitHub, > so the CI can compile your patch revisions for multiple platforms and > pass the tests. Otherwise I would have to spend the time to do it > myself. If this patch gets to a point where your concerns here are addressed, I will consider it. > The err() function is non-portable, please use Dillo MSG* macros or > perror() + exit(). This should be caught by the CI. > > Also, ensure the indentation is kept at 3 characters (not my > decision). Ok, that shouldn't be a problem. > You should find wget by locating it in the $PATH, not assuming it > would be here. Users may place their own wget binary somewhere else > and this would break the downloads. Will look at it. This brings up a completely separate question: why is wget hardcoded and not changeable as the downloader, and also has a hardcoded useragent which can't be changed by the user. To me, that's not ideal, and maybe you have some thoughts on it. > The .Xauthority file should be read from $AUTHORITY and then from > there if not set. I will try :) > Not sure if we want to constraint file:// like this. What if we are > using Dillo to read local HTML files in ~/? Would you prefer to just not do any unveil in file.c then? It's probably not a huge risk. > Plugins can also be found on the dpi_dir directory defined by the > user in the .dillo/dpidrc, so we would need to parse it first. I will look at it, but this could be more difficult for me. > I would also protect dpidrc from writing as well as dillorc. Agreed. No problem. Regards, Alex

1 0

Unveil discussion: save_dir
by a1ex＠dismail.de July 30, 2024

July 30, 2024

Hi, I have managed to get dillo.cc to use the 'save_dir' preference to set which download path is unveiled. This was done by moving the unveil call to a point after which prefs are initialized and dillorc is parsed. Here is what the patch looks like: --- dillo.cc Sat Jun 29 16:33:08 2024 +++ dillo.cc Tue Jul 30 14:18:28 2024 @@ -23,6 +23,7 @@ #include <stdio.h> #include <unistd.h> +#include <err.h> #include <stdlib.h> #include <time.h> #include <sys/types.h> @@ -463,6 +464,58 @@ int main(int argc, char **argv) } dLib_show_messages(prefs.show_msg); + // Use unveil on OpenBSD + #ifdef __OpenBSD__ + if (unveil("/usr/local/share/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/share/icons", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/X11R6/share/X11/locale", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/X11R6/lib/X11/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/etc/dillo", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/tmp", "rwc") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/bin/dpid", "x") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/resolv.conf", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/ssl/cert.pem", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil(prefs.save_dir, "rwc") == -1) { + err(1, "unveil failed"); + } + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + char *icons_loc = dStrconcat(dGethomedir(), "/.icons", NULL); + if (unveil(icons_loc, "r") == -1) { + err(1, "unveil failed"); + } + dFree(icons_loc); + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + if (unveil(xauth_loc, "r") == -1) { + err(1, "unveil failed"); + } + dFree(xauth_loc); + #endif + // initialize internal modules a_Dpi_init(); a_Dns_init(); I have tried to do the same for downloads.cc, but haven't quite got it yet. Since prefs are not initialized in downloads.cc, I tried to copy that from dillo.cc, but am getting some linker errors when compliling. I probably missed something obvious. Any ideas? ld: error: undefined symbol: a_Prefs_init >>> referenced by downloads.cc >>> downloads_dpi-downloads.o:(main) mv -f .deps/vsource.Tpo .deps/vsource.Po ld: error: undefined symbol: Paths::init() >>> referenced by downloads.cc >>> downloads_dpi-downloads.o:(main) ld: error: undefined symbol: Paths::getPrefsFP(char const*) >>> referenced by downloads.cc >>> downloads_dpi-downloads.o:(main) ld: error: undefined symbol: PrefsParser::parse(__sFILE*) >>> referenced by downloads.cc >>> downloads_dpi-downloads.o:(main) ld: error: undefined symbol: prefs >>> referenced by downloads.cc >>> downloads_dpi-downloads.o:(main) c++: error: linker command failed with exit code 1 (use -v to see invocation) Here is what I tried: --- downloads.cc Sat Jun 29 16:33:08 2024 +++ downloads.cc Tue Jul 30 15:07:04 2024 @@ -18,6 +18,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <err.h> #include <errno.h> #include <fcntl.h> #include <ctype.h> @@ -42,6 +43,9 @@ #include <FL/Fl_Box.H> #include <FL/Fl_Button.H> +#include "../src/paths.hh" +#include "../src/prefs.h" +#include "../src/prefsparser.hh" #include "config.h" #include "dpiutil.h" #include "../dpip/dpip.h" @@ -1104,6 +1108,48 @@ static void custLabelMeasure(const Fl_Label* o, int& W int main() { int ww = 420, wh = 85; + FILE *fp; + + // set the default values for the preferences + a_Prefs_init(); + + // create ~/.dillo if not present + Paths::init(); + + // parse dillorc + if ((fp = Paths::getPrefsFP(PATHS_RC_PREFS))) { + PrefsParser::parse(fp); + } + + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + if (unveil("/tmp", "rwc") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/bin/wget", "x") == -1) { + err(1, "unveil failed"); + } + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + if (unveil(xauth_loc, "r") == -1) { + err(1, "unveil failed"); + } + dFree(xauth_loc); + if (unveil("/usr/local/share/fonts", "r") == -1) { + err(1, "unveil failed"); + } + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + if (unveil(prefs.save_dir, "rwc") == -1) { + err(1, "unveil failed"); + } + unveil(NULL, NULL); + #endif Fl::lock(); Finally, I tried to also get ftp.c to use the 'save_dir' preference, but had less luck. I think the issue comes from the fact that this is a C program, and the others are C++. I'm wondering, is this whole unveil idea realistic at this point? Maybe I'm just too inexperienced to be doing this work. I am quite willing to keep going, but it will probably involve many more messages to the list with problems similar to the ones above. I don't want to overwhelm the list and devs with my beginner programming mistakes, it feels like I'm placing an unfair burden on you. Regards, Alex

1 0

Updated unveil patch
by a1ex＠dismail.de July 29, 2024

July 29, 2024

Hi, Here is a new patch. I have done quite a bit more work on this and think it may be close to completion. The '~/Downloads' directory has been unveiled to match the behavior of Firefox and Chromium on OpenBSD, but Dillo's default of '/tmp' continues to work as well. I have also made sure everything works fine when there is no ~/.dillo directory, Dillo can create it, and also can access the system defaults in '/usr/local/etc/dillo'. dpid is also now unveiled, as well as all of the stock plugins except hello.dpi, I didn't see any point to that. Here are some other tests which I have run: - Regular browsing works fine - Connect to an FTP site and download a file, also view a text file and view an image - Open a text and image file from /tmp and ~/Downloads - Add/remove bookmarks - Download a file to /tmp and ~/Downloads - Save a page to /tmp and ~/Downloads - View source still works - Fonts and cursor icons are working correctly - data: uri works correctly with text and images So far everything seems to be fine. I will keep testing, but would really appreciate some help with reviewing this, there could be some edge-cases which I missed. Regards, Alex diff -upr a/dpi/bookmarks.c b/dpi/bookmarks.c --- a/dpi/bookmarks.c Sat Jun 29 16:33:08 2024 +++ b/dpi/bookmarks.c Sun Jul 28 16:21:05 2024 @@ -25,6 +25,7 @@ #include <stddef.h> #include <string.h> #include <unistd.h> +#include <err.h> #include <errno.h> #include <ctype.h> #include <sys/socket.h> @@ -1616,6 +1617,16 @@ int main(void) { socklen_t address_size; char *tok; Dsh *sh; + + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + unveil(NULL, NULL); + #endif /* Arrange the cleanup function for terminations via exit() */ atexit(cleanup); diff -upr a/dpi/cookies.c b/dpi/cookies.c --- a/dpi/cookies.c Sat Jun 29 16:33:08 2024 +++ b/dpi/cookies.c Sun Jul 28 16:21:05 2024 @@ -39,6 +39,7 @@ int main(void) #include <fcntl.h> #include <unistd.h> #include <errno.h> +#include <err.h> #include <stddef.h> #include <string.h> #include <stdlib.h> @@ -1643,6 +1644,16 @@ int main(void) { int sock_fd, code; char *buf; Dsh *sh; + + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + unveil(NULL, NULL); + #endif /* Arrange the cleanup function for terminations via exit() */ atexit(cleanup); diff -upr a/dpi/datauri.c b/dpi/datauri.c --- a/dpi/datauri.c Sat Jun 29 16:33:08 2024 +++ b/dpi/datauri.c Sun Jul 28 16:21:05 2024 @@ -12,6 +12,7 @@ */ #include <unistd.h> +#include <err.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -289,6 +290,19 @@ int main(void) unsigned char *data; int rc; size_t data_size = 0; + + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + if (unveil("/tmp", "rwc") == -1) { + err(1, "unveil failed"); + } + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + unveil(NULL, NULL); + #endif /* Initialize the SockHandler */ sh = a_Dpip_dsh_new(STDIN_FILENO, STDOUT_FILENO, 8*1024); diff -upr a/dpi/downloads.cc b/dpi/downloads.cc --- a/dpi/downloads.cc Sat Jun 29 16:33:08 2024 +++ b/dpi/downloads.cc Sun Jul 28 16:21:05 2024 @@ -18,6 +18,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <err.h> #include <errno.h> #include <fcntl.h> #include <ctype.h> @@ -1104,6 +1105,38 @@ static void custLabelMeasure(const Fl_Label* o, int& W int main() { int ww = 420, wh = 85; + + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + if (unveil("/tmp", "rwc") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/bin/wget", "x") == -1) { + err(1, "unveil failed"); + } + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + if (unveil(xauth_loc, "r") == -1) { + err(1, "unveil failed"); + } + dFree(xauth_loc); + if (unveil("/usr/local/share/fonts", "r") == -1) { + err(1, "unveil failed"); + } + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL); + if (unveil(dl_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dl_loc); + unveil(NULL, NULL); + #endif Fl::lock(); diff -upr a/dpi/file.c b/dpi/file.c --- a/dpi/file.c Sat Jun 29 16:33:08 2024 +++ b/dpi/file.c Sun Jul 28 16:21:05 2024 @@ -22,6 +22,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <err.h> #include <sys/select.h> #include <sys/socket.h> #include <sys/stat.h> @@ -1070,6 +1071,23 @@ int main(void) socklen_t sin_sz; int sock_fd, c_st, st = 1; + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + if (unveil("/tmp", "rw") == -1) { + err(1, "unveil failed"); + } + char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL); + if (unveil(dl_loc, "rw") == -1) { + err(1, "unveil failed"); + } + dFree(dl_loc); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + unveil(NULL, NULL); + #endif + /* Arrange the cleanup function for abnormal terminations */ if (signal (SIGINT, termination_handler) == SIG_IGN) diff -upr a/dpi/ftp.c b/dpi/ftp.c --- a/dpi/ftp.c Sat Jun 29 16:33:08 2024 +++ b/dpi/ftp.c Sun Jul 28 16:21:05 2024 @@ -29,6 +29,7 @@ */ #include <unistd.h> +#include <err.h> #include <sys/types.h> #include <sys/socket.h> #include <sys/un.h> @@ -281,6 +282,28 @@ int main(int argc, char **argv) char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *url2 = NULL; int st, rc; char *p, *d_cmd; + + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + if (unveil("/tmp", "rwc") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/bin/wget", "x") == -1) { + err(1, "unveil failed"); + } + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL); + if (unveil(dl_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dl_loc); + unveil(NULL, NULL); + #endif + /* wget may need to write a temporary file... */ rc = chdir("/tmp"); diff -upr a/dpi/vsource.c b/dpi/vsource.c --- a/dpi/vsource.c Sat Jun 29 16:33:08 2024 +++ b/dpi/vsource.c Sun Jul 28 16:21:05 2024 @@ -13,6 +13,7 @@ */ #include <unistd.h> +#include <err.h> #include <sys/types.h> #include <stdio.h> #include <stdlib.h> @@ -172,6 +173,16 @@ int main(void) int data_size; char *dpip_tag, *cmd = NULL, *cmd2 = NULL, *url = NULL, *size_str = NULL; char *d_cmd; + + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "r") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + unveil(NULL, NULL); + #endif _MSG("starting...\n"); //sleep(20); diff -upr a/dpid/main.c b/dpid/main.c --- a/dpid/main.c Sat Jun 29 16:33:08 2024 +++ b/dpid/main.c Sun Jul 28 16:21:30 2024 @@ -19,6 +19,7 @@ #include <errno.h> /* for ckd_write */ #include <unistd.h> /* for ckd_write */ +#include <err.h> #include <stdlib.h> /* for exit */ #include <assert.h> /* for assert */ #include <sys/stat.h> /* for umask */ @@ -236,6 +237,21 @@ int main(void) services_list = NULL; //daemon(0,0); /* Use 0,1 for feedback */ /* TODO: call setsid() ?? */ + + /* Use unveil on OpenBSD */ + #ifdef __OpenBSD__ + if (unveil("/usr/local/lib/dillo", "rx") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/etc/dillo", "r") == -1) { + err(1, "unveil failed"); + } + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + unveil(NULL, NULL); + #endif /* Allow read and write access, but only for the user. * TODO: can this cause trouble with umount? */ diff -upr a/src/dillo.cc b/src/dillo.cc --- a/src/dillo.cc Sat Jun 29 16:33:08 2024 +++ b/src/dillo.cc Sun Jul 28 16:33:29 2024 @@ -23,6 +23,7 @@ #include <stdio.h> #include <unistd.h> +#include <err.h> #include <stdlib.h> #include <time.h> #include <sys/types.h> @@ -396,6 +397,47 @@ int main(int argc, char **argv) srand((uint_t)(time(0) ^ getpid())); + // unveil() + #ifdef __OpenBSD__ + if (unveil("/usr/local/share/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/etc/dillo", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/tmp", "rwc") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/bin/dpid", "x") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/resolv.conf", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/ssl/cert.pem", "r") == -1) { + err(1, "unveil failed"); + } + char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL); + if (unveil(dl_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dl_loc); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + if (unveil(xauth_loc, "r") == -1) { + err(1, "unveil failed"); + } + dFree(xauth_loc); + unveil(NULL, NULL); + #endif + // Some OSes exit dillo without this (not GNU/Linux). signal(SIGPIPE, SIG_IGN); // Establish our custom SIGCHLD handler

3 4

Does :hover work in 3.1.1?
by Steinar Bang July 27, 2024

July 27, 2024

Does :hover work in 3.1.1? I am trying to write a JavaScript-less dropdown to switch locale as e.g. outlined here: https://www.w3schools.com/howto/tryit.asp?filename=tryhow_js_responsive_nav… Short story: the dropdown is an ul with "display: none" and hovering over a parent element (that is displayed) is supposed to switch to "display: block". But nothing happens when I hover over the parent. Google found me this, dated August 19 2022, listing pseudo-classes as Pending, but August 19 2022 is almost two years ago...? https://dillo.org/css.html (looks like that "Pending" may be from January 1 2015...?) If :hover doesn't work I will have to do it a different way: maybe with a separate settings page containing a form...? Here is the HTML of the dropdown: <li> <div class="locale-dropdown"> <a href="">Language</a> <ul class="locale-dropdown-content"> <li><a href="">English</a></li> <li><a href="">norsk bokmål</a></li> </ul> </div> </li> (the dropdown is nested in a <li> that is part of the <ul> that forms the <nav>) The CSS looks like this: .locale-dropdown-content { display: none; position: absolute; background-color: #f9f9f9; min-width: 160px; box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.2); z-index: 1; } .locale-dropdown:hover .locale-dropdown-content { display: block; }

2 2

Is CSS inline-block on <ul> supposed to work
by Steinar Bang July 26, 2024

July 26, 2024

dillo 3.1.1, debian 12.6 "bookworm", amd64 I am trying to create a <nav> "powered by" an <ul>: <nav class="image-navbar"> <ul> <li><a href="blah">item 1</a></li> <li><a href="bluh">item 2</a></li> </ul> </nav> But I am unable to make the <ul> render horizontally. Is "display: inline-bloc" supposed to work on dillo 3.1.1? Here's the CSS I've tried: nav.image-navbar { background-color: lightgray; padding-bottom: 10px; } nav.image-navbar ul { list-style-type: none; display: inline-block; vertical-align: top; margin: 0; padding: 0; } nav.image-navbar ul li { float: left; } Thanks! - Steinar

2 2

Unveil Dillo (new patch)
by a1ex＠dismail.de July 25, 2024

July 25, 2024

Hi list, Here is an updated patch which now just does unveil (no pledge). I have tightened up the permissions so that Dillo only has the minimum of filesystem access, just enough so that everything still (hopefully) works. Testers and comments welcome. There probably aren't many OpenBSD users on this list, so I will eventually submit this to the OpenBSD ports list for further review. --- a/src/dillo.cc Thu Jul 25 21:21:14 2024 +++ b/src/dillo.cc Thu Jul 25 21:28:54 2024 @@ -23,6 +23,7 @@ #include <stdio.h> #include <unistd.h> +#include <err.h> #include <stdlib.h> #include <time.h> #include <sys/types.h> @@ -396,6 +397,41 @@ int main(int argc, char **argv) srand((uint_t)(time(0) ^ getpid())); + // unveil() + if (unveil("/usr/local/share/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/tmp", "rw") == -1) { + err(1, "unveil failed"); + } + if (unveil("/usr/local/bin/dpid", "x") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/fonts", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/resolv.conf", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc/ssl/cert.pem", "r") == -1) { + err(1, "unveil failed"); + } + char *dl_loc = dStrconcat(dGethomedir(), "/Downloads", NULL); + if (unveil(dl_loc, "rw") == -1) { + err(1, "unveil failed"); + } + dFree(dl_loc); + char *dil_loc = dStrconcat(dGethomedir(), "/.dillo", NULL); + if (unveil(dil_loc, "rwc") == -1) { + err(1, "unveil failed"); + } + dFree(dil_loc); + char *xauth_loc = dStrconcat(dGethomedir(), "/.Xauthority", NULL); + if (unveil(xauth_loc, "r") == -1) { + err(1, "unveil failed"); + } + dFree(xauth_loc); + // Some OSes exit dillo without this (not GNU/Linux). signal(SIGPIPE, SIG_IGN); // Establish our custom SIGCHLD handler The only small issue I see so far is that the ~/Downloads directory is now hardcoded, and so the 'save_dir' preference in dillorc will need to match. Also note that in order to be able to use Rodrigo's multiple-actions patch with this, or my external link handler patch, you will also need to add: if (unveil("/bin/sh", "x") == -1) { err(1, "unveil failed"); } But that's not really advisable if you are looking for maximum security. EDIT: I just realized we may need to unveil dpid as well. Since it's a separate process, I don't think it inherits the unveil from dillo.cc. For example, when I use the 'Open file...' dialog, I am unable to see the restricted directories. However, when I load 'file:/home/user' in the browser, the contents still show up. Back to the drawing board! I will try to look at that in the next few days if possible. Regards, Alex

1 0

Hardening Dillo with unveil and pledge
by a1ex＠dismail.de July 25, 2024

July 25, 2024

Hi list, I have been experimenting with unveil[1] and pledge[2] on Dillo to reduce possible attack surface. Right now these system calls are exclusive to OpenBSD, but there are projects[3] working to bring them to Linux and other systems. Basically, unveil restricts which areas of the filesystem a program can access, and pledge restricts which system calls the program is allowed to make. [1] https://man.openbsd.org/unveil.2 [2] https://man.openbsd.org/pledge.2 [3] https://justine.lol/pledge/ Initial testing indicates that both of these features are working correctly with Dillo. I am including a patch which provides some basic filesystem protection, and limits Dillo to the minimum amount of syscalls possible. If anyone has questions or comments, they are welcome. Regards, Alex --- a/src/dillo.cc Fri Jun 14 22:27:18 2024 +++ b/src/dillo.cc Sat Jul 20 15:16:42 2024 @@ -24,6 +24,7 @@ #include <stdio.h> #include <unistd.h> +#include <err.h> #include <stdlib.h> #include <time.h> #include <sys/types.h> @@ -397,6 +398,24 @@ int main(int argc, char **argv) FILE *fp; srand((uint_t)(time(0) ^ getpid())); + + // Unveil and Pledge + if (unveil("/usr", "rx") == -1) { + err(1, "unveil failed"); + } + if (unveil("/tmp", "rwc") == -1) { + err(1, "unveil failed"); + } + if (unveil("/etc", "r") == -1) { + err(1, "unveil failed"); + } + if (unveil("/home", "rwc") == -1) { + err(1, "unveil failed"); + } + if (pledge("stdio rpath wpath cpath inet unix dns tty proc prot_exec", + NULL) == -1) { + err(1, "pledge failed"); + } // Some OSes exit dillo without this (not GNU/Linux). signal(SIGPIPE, SIG_IGN);

2 5

[SCRIPT] Run Dillo with a random user agent
by a1ex＠dismail.de July 14, 2024

July 14, 2024

Hi list, Here is a simple script which runs Dillo with a random user agent on each run. I've been using it for a long time with no issues. It would be interesting to have similar functionality built-in to Dillo at some point, at least for me. $ cat rundillo.sh #!/bin/sh # runs dillo with a random user agent, from a list in agents.txt # the ua must be the last line of dillorc, this deletes it: echo -e '$d\nw\nq'| ed ~/.dillo/dillorc # put a random ua line from agents.txt into the last line of dillorc # each line in agents.txt must include http_user_agent='...' cat ~/.dillo/agents.txt | sort -R | head -1 >> ~/.dillo/dillorc # run dillo: dillo ------------------------------- Here is an example 'agents.txt': http_user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0' http_user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0' http_user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0' http_user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0' http_user_agent='Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0' http_user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 14.5; rv:123.0) Gecko/20100101 Firefox/123.0' http_user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 14.5; rv:124.0) Gecko/20100101 Firefox/124.0' http_user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 14.5; rv:125.0) Gecko/20100101 Firefox/125.0' http_user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 14.5; rv:126.0) Gecko/20100101 Firefox/126.0' http_user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 14.5; rv:127.0) Gecko/20100101 Firefox/127.0' ------------------------------ Just make sure there are no blank lines or comments in agents.txt Anyway, hopefully this will be useful to someone. Enjoy :) -Alex

2 6

[PATCH] Toolbar button to control zoom level
by a1ex＠dismail.de July 13, 2024

July 13, 2024

Hi, Here is an updated patch with a better icon and fixed tooltip. Hopefully somebody finds it useful :) diff -u ./pixmaps.h mod/pixmaps.h --- ./pixmaps.h Sat Jul 6 18:03:43 2024 +++ mod/pixmaps.h Sat Jul 6 18:23:27 2024 @@ -1410,6 +1410,28 @@ }; /* XPM */ +static const char *const zoom_xpm[] = { +"16 16 2 1", +" c None", +"@ c gray70", +" ", +" @@@@@@ ", +" @ @ ", +" @ @ ", +" @ @@ @ ", +" @ @@ @ ", +" @ @@ @ ", +" @ @@@@@@@@ @ ", +" @ @@@@@@@@ @ ", +" @ @@ @ ", +" @ @@ @ ", +" @ @@ @ ", +" @ @@@@ ", +" @@@@@@ @@@", +" @@", +" "}; + +/* XPM */ static const char *const new_s_xpm[] = { "11 11 35 1", " c None", diff -u ./ui.cc mod/ui.cc --- ./ui.cc Sat Jul 6 18:26:52 2024 +++ mod/ui.cc Sat Jul 6 18:03:57 2024 @@ -38,7 +38,7 @@ struct iconset { Fl_Image *ImgMeterOK, *ImgMeterBug, - *ImgHome, *ImgReload, *ImgSave, *ImgBook, *ImgTools, + *ImgHome, *ImgReload, *ImgSave, *ImgBook, *ImgTools, *ImgZoom, *ImgClear,*ImgSearch, *ImgHelp, *ImgLeft, *ImgLeftIn, *ImgRight, *ImgRightIn, *ImgStop, *ImgStopIn; }; @@ -51,6 +51,7 @@ new Fl_Pixmap(save_xpm), new Fl_Pixmap(bm_xpm), new Fl_Pixmap(tools_xpm), + new Fl_Pixmap(zoom_xpm), new Fl_Pixmap(new_s_xpm), new Fl_Pixmap(search_xpm), new Fl_Pixmap(help_xpm), @@ -70,6 +71,7 @@ new Fl_Pixmap(save_s_xpm), new Fl_Pixmap(bm_s_xpm), new Fl_Pixmap(tools_s_xpm), + new Fl_Pixmap(zoom_xpm), new Fl_Pixmap(new_s_xpm), standard_icons.ImgSearch, standard_icons.ImgHelp, @@ -356,6 +358,13 @@ wid->y() + wid->h()); } break; + case UI_ZOOM: + if (b == FL_LEFT_MOUSE) { + a_UIcmd_zoom_in(a_UIcmd_get_bw_by_widget(wid)); + } else if (b == FL_RIGHT_MOUSE) { + a_UIcmd_zoom_out(a_UIcmd_get_bw_by_widget(wid)); + } + break; default: break; } @@ -433,6 +442,7 @@ Stop = make_button("Stop", icons->ImgStop, icons->ImgStopIn, UI_STOP); Bookmarks = make_button("Book", icons->ImgBook, NULL, UI_BOOK); Tools = make_button("Tools", icons->ImgTools, NULL, UI_TOOLS); + Zoom = make_button("Zoom", icons->ImgZoom, NULL, UI_ZOOM); Back->set_tooltip("Previous page"); Forw->set_tooltip("Next page"); @@ -442,6 +452,7 @@ Stop->set_tooltip("Stop loading"); Bookmarks->set_tooltip("View bookmarks"); Tools->set_tooltip("Settings"); + Zoom->set_tooltip("Zoom in: left-click, Zoom out: right-click"); } /** diff -u ./ui.hh mod/ui.hh --- ./ui.hh Sat Jul 6 18:03:43 2024 +++ mod/ui.hh Sat Jul 6 18:03:57 2024 @@ -23,6 +23,7 @@ UI_STOP, UI_BOOK, UI_TOOLS, + UI_ZOOM, UI_CLEAR, UI_SEARCH } UIButton; @@ -125,7 +126,7 @@ CustGroupVertical *TopGroup; CustButton *Back, *Forw, *Home, *Reload, *Save, *Stop, *Bookmarks, - *Tools, *Clear, *Search, *Help, *BugMeter, *FileButton; + *Tools, *Zoom, *Clear, *Search, *Help, *BugMeter, *FileButton; CustGroupHorizontal *LocBar, *NavBar, *StatusBar; Fl_Input *Location; CustProgressBox *PProg, *IProg; -Alex

3 4

Option to define external link handler
by a1ex＠dismail.de July 13, 2024

July 13, 2024

Hi Rodrigo and list, Thanks for all the recent improvements! I have one more feature which I would like to propose, or hopefully at least get some guidance with. An option to open a link with an external program. This could be a custom downloader, or whatever else the user wants. Ideally it would be a setting in dillorc, something like: external_downloader="/usr/bin/some_command -x -y -z" And in the right-click Link menu there would be an option to open the link with the external program, something like "Open link with external app". I can envision various workflows, especially repetitive ones, in which this would be a real time-saver. There is nothing really wrong with the built-in downloader, but it's not always ideal. Obviously it's possible to copy the link and use it in whatever program, but that results in extra clicks / key-presses. Is there any interest in a feature like this? I've been looking at the source, but am not really seeing a way to easily replace the current download program (or even where it is defined). If anyone has hints on how to do this, I'd appreciate the help. Or, even better, someone more talented could step up and implement the feature :) Regards, Alex

4 23