On Fri, Dec 07, 2018 at 11:34:50AM -0800, John Baldwin wrote:
> On 12/7/18 10:59 AM, Conrad Meyer wrote:
> > On Fri, Dec 7, 2018 at 10:05 AM John Baldwin <j...@freebsd.org> wrote:
> >> The
> >> requirement for root mostly mitigates this when root vs not-root is your
> >> only privilege.  However, a capsicum vs non-capsicum process is a more
> >> recent privilege that is orthogonal to root vs non-root.  It might be that
> >> allowing a capsicumized root to create links to files that were intentionally
> >> unlinked by a non-capsicumized root would be the same problem.
> > 
> > None of these syscalls were added to sys/kern/capabilities.conf, so I
> > think a capsicum-contained root cannot use them anyway.  Maybe I
> > misunderstand how capabilities.conf works, though.
> 
> Ok.

FWIW fhopenat(2) was added to capabilities.conf in the original submission.
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"