[Bug 212083] capsicum lacks compat32 support

bugzilla-noreply Tue, 23 Aug 2016 13:28:15 -0700

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212083


            Bug ID: 212083
           Summary: capsicum lacks compat32 support
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: ema...@freebsd.org

compat32 support for capsicum is currently stubbed out -- from
compat/freebsd32/freebsd32_capability.c:

int
freebsd32_cap_enter(struct thread *td,
    struct freebsd32_cap_enter_args *uap)
{

        /*
         * We do not have an equivalent of capabilities.conf for freebsd32
         * compatibility, so do not allow capability mode for now.
         */
        return (ENOSYS);
}

as the typical usage is something like:

if (cap_enter() < 0 && errno != ENOSYS)
        die_with_error();

binaries using compat32 will silently avoid being sandboxed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

[Bug 212083] capsicum lacks compat32 support

Reply via email to