[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 Li-Wen Hsu changed: What|Removed |Added CC||lw...@freebsd.org Assignee|

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 Ed Maste changed: What|Removed |Added CC||n...@freebsd.org --- Comment #28 from E

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #27 from Jan Kokemüller --- This is a good idea! However, I'm not interested in signing the Google CLA at the moment. One thing to be aware of: the test depends on some FreeBSD implementation details to see if the syscall was b

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #26 from Ed Maste --- I'd like to see the new test also added to the capsicum-test project, https://github.com/google/capsicum-test Jan, are you interested in adapting the test and submitting it as a pull request there? -- Yo

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #25 from Ed Maste --- I think we still need to revisit CAP_BIND / CAP_CONNECT, but this should now be consistent and behave as expected. -- You are receiving this mail because: You are the assignee for the bug. ___

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #24 from commit-h...@freebsd.org --- A commit references this bug: Author: emaste Date: Mon Apr 30 17:31:07 UTC 2018 New revision: 333120 URL: https://svnweb.freebsd.org/changeset/base/333120 Log: Disable connectat/bindat wit

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 Ed Maste changed: What|Removed |Added Keywords|easy, feature | -- You are receiving this mail becaus

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #23 from commit-h...@freebsd.org --- A commit references this bug: Author: emaste Date: Mon Apr 30 17:16:18 UTC 2018 New revision: 333119 URL: https://svnweb.freebsd.org/changeset/base/333119 Log: Clarify bindat/connectat use

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #22 from Jan Kokemüller --- Thank you for having a look! I've rebased the patch to current head as jhb also added a test for capsicum in the meantime and the Makefile was conflicting. I've posted a review here: https://reviews.

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #21 from Ed Maste --- (In reply to Jan Kokemüller from comment #18) * There's a capsicum-test project where this test could also be added. That said, until or unless we import capsicum-test into FreeBSD or are able to run it au

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #20 from Brooks Davis --- (In reply to Jan Kokemüller from comment #19) This patch did get buried. I've looked it over and it seems correct, but I'm not a capsicum expert. It might help to post to patch to reviews.freebsd.org

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #19 from Jan Kokemüller --- Has anybody had a chance to look at this yet (disabling connectat/bindat in capabilities mode when called with AT_FDCWD)? Should I open a new bug report? Right now it's possible to communicate with o

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 Mark Linimon changed: What|Removed |Added Keywords||patch -- You are receiving this ma

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #18 from Jan Kokemüller --- Created attachment 187942 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=187942&action=edit Disallow connectat/bindat AT_FDCWD in capabilities mode Here is a patch that disables connectat/

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #17 from Shawn Webb --- (In reply to Kubilay Kocak from comment #16) That particular change was reverted once I read more of Robert Watson's papers on Capsicum, in particular detailing why connect(2) was deliberately not allowed

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #16 from Kubilay Kocak --- (In reply to Ed Maste from comment #15) Set in the URL field in this issue and Shawn referred to it in comment 1 I understand based on the discussion that it may or may not be the final set of change

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 --- Comment #15 from Ed Maste --- (In reply to Kubilay Kocak from comment #14) Which upstream commit are you referring to? -- You are receiving this mail because: You are the assignee for the bug. _

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 Kubilay Kocak changed: What|Removed |Added Keywords||easy, feature, needs-qa,

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 Jan Kokemüller changed: What|Removed |Added CC||jan.kokemuel...@gmail.com --- Com

[Bug 222632] connect(2) not available in capability mode

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632 Ed Maste changed: What|Removed |Added Summary|Enable Capsicum for |connect(2) not available in