Date: Fri, 15 Sep 2017 20:05:55 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r323622 - head/lib/libc/sys Message-ID: <201709152005.v8FK5tT1046866@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Fri Sep 15 20:05:55 2017 New Revision: 323622 URL: https://svnweb.freebsd.org/changeset/base/323622 Log: open(2): update ENOTCAPABLE description for .. lookups After r308212 Capsicum permits .. lookups in capability mode, as long as path component traversal does not escape the directory corresponding to the provided file descriptor. We should add a description of the vfs.lookup_cap_dotdot and vfs.lookup_cap_dotdot_nonlocal sysctls, perhaps as a cross-reference to capsicum(4). I intend to look at that soon. Reviewed by: bjk, cem, kib MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D12343 Modified: head/lib/libc/sys/open.2 Modified: head/lib/libc/sys/open.2 ============================================================================== --- head/lib/libc/sys/open.2 Fri Sep 15 19:56:21 2017 (r323621) +++ head/lib/libc/sys/open.2 Fri Sep 15 20:05:55 2017 (r323622) @@ -28,7 +28,7 @@ .\" @(#)open.2 8.2 (Berkeley) 11/16/93 .\" $FreeBSD$ .\" -.Dd November 22, 2016 +.Dd September 15, 2017 .Dt OPEN 2 .Os .Sh NAME @@ -487,7 +487,9 @@ is specified and the process is in capability mode. was called and the process is in capability mode. .It Bq Er ENOTCAPABLE .Fa path -is an absolute path or contained "..". +is an absolute path or contained a ".." component leading to a +directory outside of the directory hierarchy specified by +.Fa fd . .El .Sh SEE ALSO .Xr chmod 2 ,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709152005.v8FK5tT1046866>