Date: Tue, 26 Sep 2017 23:02:53 +0100
From: Ben Laurie <ben@links.org>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org>
Subject: Re: Capsicum and connect(2)
Message-ID: <CAG5KPzwW3jnvLk0ZBqJhqVRQkGSNt5LOYRK=eBcRBMhk4gDQJw@mail.gmail.com>
In-Reply-To: <20170926193753.eolxa6lk5qvejtgc@mutt-hbsd>
References: <20170926193753.eolxa6lk5qvejtgc@mutt-hbsd>

ECAPMODE means the syscall is forbidden, surely?

On 26 September 2017 at 20:37, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> Hey All,
>
> I'm working on applying Capsicum to Tor. I've got a PoC design for how
> I'm going to do it posted here:
>
> https://github.com/lattera/PoCs/tree/master/capsicum_fdpassing
>
> Note that the above code might have ugly spots. It's mostly just a brain
> dump.
>
> Essentially, the child process creates the socket and passes the
> socket's file descriptor back to the parent. The socket file descriptor
> has the capabilities sets already applied to it before it goes back to
> the parent. The socket creation and file descriptor passing seems to
> work well.
>
> However, what isn't working is calling connect(2) on the socket file
> descriptor in the parent. errno gets set to ECAPMODE. This is puzzling
> to me since CAP_CONNECT is set on the descriptor.
>
> Any help would be appreciated.
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> GPG Key ID: 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
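
The descriptor-passing design described in the quoted message, as an added example that is not part of this thread or of the linked PoC: a child creates a TCP socket, limits its Capsicum rights, and hands it to the parent over a Unix-domain socket with SCM_RIGHTS. The names `xfer_fd` and `passed_socket_type` and the rights list are assumptions of this example; the Capsicum step is compiled only on FreeBSD.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif
/* Send (sending=1) or receive (sending=0) one descriptor via SCM_RIGHTS. */
static int xfer_fd(int chan, int fd, int sending) {
    char byte = 0, ctl[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof(ctl) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    memset(ctl, 0, sizeof(ctl));
    if (sending) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
        return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(chan, &msg, 0) != 1 || !(c = CMSG_FIRSTHDR(&msg))) return -1;
    if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Child creates and limits the socket; parent returns its SO_TYPE or -1. */
int passed_socket_type(void) {
    int sp[2], type = -1; socklen_t len = sizeof(type);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int s = socket(AF_INET, SOCK_STREAM, 0);
#ifdef __FreeBSD__
        cap_rights_t r; /* rights list is an assumption for this example */
        cap_rights_init(&r, CAP_CONNECT, CAP_READ, CAP_WRITE, CAP_GETSOCKOPT);
        if (s >= 0 && cap_rights_limit(s, &r) < 0) _exit(1);
#endif
        _exit(s < 0 || xfer_fd(sp[1], s, 1) < 0);
    }
    close(sp[1]);
    int fd = xfer_fd(sp[0], -1, 0);
    waitpid(pid, NULL, 0);
    if (fd >= 0 && getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) < 0) type = -1;
    if (fd >= 0) close(fd);
    close(sp[0]);
    return type;
}
```

When connect(2) on the received descriptor fails in the parent, errno separates the two cases: FreeBSD's errno(2) describes ENOTCAPABLE as "Capabilities insufficient" and ECAPMODE as "Not permitted in capability mode".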