From owner-svn-src-head@freebsd.org Fri Sep 15 20:05:56 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E2739E069FB; Fri, 15 Sep 2017 20:05:56 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AC683768E2; Fri, 15 Sep 2017 20:05:56 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v8FK5tvO046867; Fri, 15 Sep 2017 20:05:55 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v8FK5tT1046866; Fri, 15 Sep 2017 20:05:55 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201709152005.v8FK5tT1046866@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Fri, 15 Sep 2017 20:05:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r323622 - head/lib/libc/sys X-SVN-Group: head X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: head/lib/libc/sys X-SVN-Commit-Revision: 323622 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Sep 2017 20:05:57 -0000 Author: emaste Date: Fri Sep 15 20:05:55 2017 New Revision: 323622 URL: https://svnweb.freebsd.org/changeset/base/323622 Log: open(2): update ENOTCAPABLE description for .. lookups After r308212 Capsicum permits .. lookups in capability mode, as long as path component traversal does not escape the directory corresponding to the provided file descriptor. We should add a description of the vfs.lookup_cap_dotdot and vfs.lookup_cap_dotdot_nonlocal sysctls, perhaps as a cross-reference to capsicum(4). I intend to look at that soon. Reviewed by: bjk, cem, kib MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D12343 Modified: head/lib/libc/sys/open.2 Modified: head/lib/libc/sys/open.2 ============================================================================== --- head/lib/libc/sys/open.2 Fri Sep 15 19:56:21 2017 (r323621) +++ head/lib/libc/sys/open.2 Fri Sep 15 20:05:55 2017 (r323622) @@ -28,7 +28,7 @@ .\" @(#)open.2 8.2 (Berkeley) 11/16/93 .\" $FreeBSD$ .\" -.Dd November 22, 2016 +.Dd September 15, 2017 .Dt OPEN 2 .Os .Sh NAME @@ -487,7 +487,9 @@ is specified and the process is in capability mode. was called and the process is in capability mode. .It Bq Er ENOTCAPABLE .Fa path -is an absolute path or contained "..". +is an absolute path or contained a ".." component leading to a +directory outside of the directory hierarchy specified by +.Fa fd . .El .Sh SEE ALSO .Xr chmod 2 ,