Date:      Mon, 22 May 2017 11:43:19 +0000 (UTC)
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r318634 - in head/sys: compat/freebsd32 kern
Message-ID:  <201705221143.v4MBhJer074140@repo.freebsd.org>

Author: emaste
Date: Mon May 22 11:43:19 2017
New Revision: 318634
URL: https://svnweb.freebsd.org/changeset/base/318634

Log:
  disallow open(2) in capability mode
  
  Previously open(2) was allowed in capability mode, with a comment that
  suggested this was likely the case to facilitate debugging. The system
  call would still fail later on, but it's better to disallow the syscall
  altogether.
  
  We now have the kern.trap_enotcap sysctl or PROC_TRAPCAP_CTL proccontrol
  to aid in debugging.
  
  In any case libc has translated open() to the openat syscall since
  r277032.
  
  Reviewed by:	kib, rwatson
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D10850

Modified:
  head/sys/compat/freebsd32/capabilities.conf
  head/sys/kern/capabilities.conf

Modified: head/sys/compat/freebsd32/capabilities.conf
==============================================================================
--- head/sys/compat/freebsd32/capabilities.conf	Mon May 22 11:41:17 2017	(r318633)
+++ head/sys/compat/freebsd32/capabilities.conf	Mon May 22 11:43:19 2017	(r318634)
@@ -188,7 +188,6 @@ renameat
 symlinkat
 unlinkat
 freebsd32_utimensat
-open
 pdfork
 pdgetpid
 pdkill
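Review bot: dropping `open` here keeps the 32-bit compat list in step with the native one, and since entries in this file are bare syscall names with no accompanying comment, nothing else in this hunk needs updating. Worth confirming in review is that no separate `freebsd32_`-prefixed wrapper for open(2) remains listed elsewhere in the file (the nearby `freebsd32_utimensat` shows the convention for ABI-divergent wrappers); none is visible in the context shown.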

Modified: head/sys/kern/capabilities.conf
==============================================================================
--- head/sys/kern/capabilities.conf	Mon May 22 11:41:17 2017	(r318633)
+++ head/sys/kern/capabilities.conf	Mon May 22 11:43:19 2017	(r318634)
@@ -460,14 +460,6 @@ unlinkat
 utimensat
 
 ##
-## Allow entry into open(2). This system call will fail, since access to the
-## global file namespace has been disallowed, but allowing entry into the
-## syscall means that an audit trail will be generated (which is also very
-## useful for debugging).
-##
-open
-
-##
 ## Process descriptor-related system calls are allowed.
 ##
 pdfork
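Review bot: the removed comment recorded a second rationale beyond debugging, namely that letting open(2) enter the kernel "means that an audit trail will be generated", and the commit message only addresses the debugging side (kern.trap_enotcap, PROC_TRAPCAP_CTL). Since an ECAPMODE rejection at the syscall boundary produces no audit record for the attempted open, consider stating in the log that this is accepted, or that the replacement trap facility is the intended way to observe such attempts, so the trade-off is documented where the comment used to be.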
