Date:      Thu, 14 Feb 2013 00:19:42 +0100
From:      Jilles Tjoelker <jilles@stack.nl>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        freebsd-arch@FreeBSD.org
Subject:   Re: bindat(2) and connectat(2) syscalls for review.
Message-ID:  <20130213231942.GA94000@stack.nl>
In-Reply-To: <20130213230354.GC1375@garage.freebsd.pl>
References:  <20130213230354.GC1375@garage.freebsd.pl>

On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote:
> I'd like to commit the following patch:

> 	http://people.freebsd.org/~pjd/patches/bindconnectat.patch

> It implements bindat(2) and connectat(2) syscalls that will allow managing
> UNIX domain sockets from within a capability mode sandbox.

> They work just like any other *at(2) syscall and their prototypes look
> like this:

> 	int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> 	int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);

> Where 'fd' is a directory descriptor. The only supported socket domain is
> PF_LOCAL.

> The audit subsystem was updated to audit the new syscalls properly.

These calls are inherently limited to PF_LOCAL anyway, so why not go a
bit further and accept a pathname instead of a struct sockaddr_un that
has an arbitrary limit of 104 bytes? This appears possible because new
usrreqs were created.

Can the "XXXRW: Revisit this" comments before #bind and #connect in
sys/kern/capabilities.conf go away now?

-- 
Jilles Tjoelker
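The fixed-size sun_path array Jilles objects to is something every caller of the existing bind(2)/connect(2) interface, and of the proposed bindat(2)/connectat(2) as long as they take a struct sockaddr, has to check for itself. The helper below is an added example written for this archive page, not code from the thread or from the patch: it builds the address and refuses paths that would otherwise be silently truncated (the limit is 104 bytes on FreeBSD and 108 on Linux, so the check uses sizeof rather than a hard-coded number).

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Build a struct sockaddr_un for `path`.  Returns 0 and fills *out and
 * *outlen on success; returns -1 with errno = ENAMETOOLONG when the path
 * plus its terminating NUL does not fit in the fixed-size sun_path array
 * that the sockaddr-based bind/connect interface imposes. */
int make_unix_addr(const char *path, struct sockaddr_un *out, socklen_t *outlen)
{
    size_t plen = strlen(path);

    /* sun_path is a fixed array (104 bytes on FreeBSD, 108 on Linux).
     * Copying with strncpy would silently truncate and then bind or
     * connect to a different path than the caller asked for. */
    if (plen + 1 > sizeof(out->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(out, 0, sizeof(*out));
    out->sun_family = AF_UNIX;
    memcpy(out->sun_path, path, plen + 1);
    /* Pass only the bytes actually used, as the SUN_LEN() macro computes. */
    *outlen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + plen + 1);
    return 0;
}

/* Longest path (excluding the NUL) this platform's sockaddr_un can carry. */
size_t unix_path_max(void)
{
    return sizeof(((struct sockaddr_un *)0)->sun_path) - 1;
}
```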