https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243252
--- Comment #21 from rozhuk...@gmail.com --- Base system software does use cap_rights_limit(), but it respects the user's/build configuration: every caller below either gates Capsicum at compile time (HAVE_CAPSICUM, WITHOUT_CAPSICUM, WITH_CASPER) or treats a cap_rights_limit() failure with errno == ENOSYS as non-fatal, so the program keeps running — unsandboxed — on a kernel without Capsicum support instead of aborting: /usr/src/contrib/dma/dma-mbox-create.c: if (cap_rights_limit(maildirfd, &rights) < 0 && errno != ENOSYS) /usr/src/contrib/tcpdump/tcpdump.c: if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) { /usr/src/contrib/traceroute/traceroute.c: #ifdef WITH_CASPER cansandbox = true; #else if (nflag) cansandbox = true; else cansandbox = false; #endif ... /usr/src/contrib/xz/src/xz/file_io.c: #ifdef HAVE_CAPSICUM // Capsicum needs FreeBSD 10.0 or later. cap_rights_t rights; if (cap_rights_limit(src_fd, cap_rights_init(&rights, CAP_EVENT, CAP_FCNTL, CAP_LOOKUP, CAP_READ, CAP_SEEK))) goto error; /usr/src/crypto/openssh/sandbox-capsicum.c: if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) /usr/src/lib/libutil/pidfile.c: if (cap_rights_limit(dirfd, cap_rights_init(&caprights, CAP_UNLINKAT)) < 0 && errno != ENOSYS) { goto failed; } ... /usr/src/sbin/hastd/subr.c: #ifdef HAVE_CAPSICUM capsicum = (cap_enter() == 0); if (!capsicum) { pjdlog_common(LOG_DEBUG, 1, errno, "Unable to sandbox using capsicum"); } else if (res != NULL) { cap_rights_t rights; static const unsigned long geomcmds[] = { DIOCGDELETE, DIOCGFLUSH }; PJDLOG_ASSERT(res->hr_role == HAST_ROLE_PRIMARY || res->hr_role == HAST_ROLE_SECONDARY); cap_rights_init(&rights, CAP_FLOCK, CAP_IOCTL, CAP_PREAD, CAP_PWRITE); if (cap_rights_limit(res->hr_localfd, &rights) == -1) { pjdlog_errno(LOG_ERR, "Unable to limit capability rights on local descriptor"); } if (cap_ioctls_limit(res->hr_localfd, geomcmds, nitems(geomcmds)) == -1) { pjdlog_errno(LOG_ERR, "Unable to limit allowed GEOM ioctls"); } ... 
/usr/src/sbin/ping/ping.c: if (cap_rights_limit(srecv, &rights) < 0 && errno != ENOSYS) /usr/src/usr.bin/bsdiff/bspatch/bspatch.c: #ifndef WITHOUT_CAPSICUM if (cap_enter() < 0) { /* Failed to sandbox, fatal if CAPABILITY_MODE enabled */ if (errno != ENOSYS) err(1, "failed to enter security sandbox"); } else { /* Capsicum Available */ cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK); cap_rights_init(&rights_wr, CAP_WRITE); cap_rights_init(&rights_dir, CAP_UNLINKAT); if (cap_rights_limit(fileno(f), &rights_ro) < 0 || /usr/src/usr.sbin/iscsid/iscsid.c: error = cap_rights_limit(conn->conn_iscsi_fd, &rights); if (error != 0 && errno != ENOSYS) log_err(1, "cap_rights_limit"); So if you decide that cap_rights_limit() is a "must have" — that is, that its failure should be fatal rather than a tolerated ENOSYS — make sure others agree with you, and remove the WITH_CAPSICUM/WITHOUT_CAPSICUM build knobs from src and the base system software before this patch goes in. Be explicit about the trade-off either way: tolerating ENOSYS keeps a program usable on a kernel without Capsicum, but it also means the program silently continues without a sandbox, and the excerpts above are not uniform — xz (built with HAVE_CAPSICUM) treats any cap_rights_limit() failure as fatal via goto error, bspatch and the ENOSYS-checking callers abort only on a non-ENOSYS error, and hastd merely logs the failure and continues. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-gecko@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-gecko To unsubscribe, send any mail to "freebsd-gecko-unsubscr...@freebsd.org"