Date: Tue, 26 Sep 2017 23:21:30 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 222632] Enable Capsicum for connect(2)
Message-ID: <bug-222632-8-xUJUn1Xm1o@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-222632-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-222632-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632

--- Comment #2 from Shawn Webb <shawn.webb@hardenedbsd.org> ---
Based on research done by Robert Watson, which isn't referenced anywhere in FreeBSD's official Capsicum documentation, connect(2) isn't ready to be Capsicumized. Note that having CAP_CONNECT documented and referenced with CAP_SOCK_CLIENT in FreeBSD's sys/capsicum.h leads one to believe connect(2) should be available in capabilities mode. This is in addition to the rights(4) manpage.

As such, I've reverted the referenced commit.

So that leads one to ask the question: how does one properly Capsicumize applications that call connect(2) on an on-demand basis?

--
You are receiving this mail because:
You are the assignee for the bug.
