Date: Tue, 26 Sep 2017 15:37:53 -0400
From: Shawn Webb
To: freebsd-security@freebsd.org
Subject: Capsicum and connect(2)

Hey All,

I'm working on applying Capsicum to Tor. I've got a PoC design for how I'm going to do it posted here:

https://github.com/lattera/PoCs/tree/master/capsicum_fdpassing

Note that the above code might have ugly spots. It's mostly just a brain dump.

Essentially, the child process creates the socket and passes the socket's file descriptor back to the parent. The socket file descriptor has the capability sets already applied to it before it goes back to the parent. The socket creation and file descriptor passing seem to work well. However, what isn't working is calling connect(2) on the socket file descriptor in the parent. errno gets set to ECAPMODE. This is puzzling to me since CAP_CONNECT is set on the descriptor.

Any help would be appreciated.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE