From owner-freebsd-arch@FreeBSD.ORG Wed Feb 13 23:19:46 2013
Date: Thu, 14 Feb 2013 00:19:42 +0100
From: Jilles Tjoelker
To: Pawel Jakub Dawidek
Cc: freebsd-arch@FreeBSD.org
Subject: Re: bindat(2) and connectat(2) syscalls for review.
Message-ID: <20130213231942.GA94000@stack.nl>
References: <20130213230354.GC1375@garage.freebsd.pl>
In-Reply-To: <20130213230354.GC1375@garage.freebsd.pl>
List-Id: Discussion related to FreeBSD architecture

On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote:
> I'd like to commit the following patch:
>
> http://people.freebsd.org/~pjd/patches/bindconnectat.patch
>
> It implements bindat(2) and connectat(2) syscalls that will allow
> managing UNIX domain sockets from within a capability mode sandbox.
>
> They work just like any other *at(2) syscall and their prototypes look
> like this:
>
> int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
>
> Where 'fd' is a directory descriptor. The only supported socket domain is
> PF_LOCAL.
>
> The audit subsystem was updated to audit the new syscalls properly.

These calls are inherently limited to PF_LOCAL anyway, so why not go a
bit further and accept a pathname instead of a struct sockaddr_un that
has an arbitrary limit of 104 bytes? This appears possible because new
usrreqs were created.

Can the "XXXRW: Revisit this" comments before #bind and #connect in
sys/kern/capabilities.conf go away now?

-- 
Jilles Tjoelker
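The following is an added example, not code from the patch or from either poster. It shows the shape of the bindat(2) call from the prototype quoted above: a socket is bound to a name resolved relative to a directory descriptor, so a sandboxed process needs only that directory capability and never an absolute path. It also shows the sockaddr_un limit the reply objects to, since the name must fit in sun_path (104 bytes on FreeBSD, 108 on Linux) with its terminating NUL. The bindat() call is compiled only on FreeBSD; on other systems the example falls back to fchdir(2) plus bind(2), which is an assumption made here to keep the demo runnable and is exactly the non-sandboxable pattern bindat(2) is meant to replace (it changes the process-wide working directory). The scratch directory under /tmp and the name "demo.sock" are constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Copy a relative name into sockaddr_un; refuse anything that does not fit.
 * sun_path is 104 bytes on FreeBSD and 108 on Linux, the limit the reply
 * above suggests removing by accepting a plain pathname instead. */
int fill_sockaddr_un(struct sockaddr_un *sun, const char *path)
{
    size_t len = strlen(path);

    memset(sun, 0, sizeof *sun);
    sun->sun_family = AF_UNIX;
    if (len >= sizeof sun->sun_path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(sun->sun_path, path, len + 1);
    return 0;
}

/* Bind socket s to relpath interpreted relative to directory descriptor dirfd.
 * FreeBSD: a single bindat(2) call, usable inside a Capsicum sandbox.
 * Elsewhere (assumed fallback for this example): fchdir(2) + bind(2), which
 * touches process-wide state and is what bindat(2) replaces. */
int bind_under_dir(int dirfd, int s, const char *relpath)
{
    struct sockaddr_un sun;

    if (fill_sockaddr_un(&sun, relpath) == -1)
        return -1;
#ifdef __FreeBSD__
    return bindat(dirfd, s, (struct sockaddr *)&sun, sizeof sun);
#else
    int savedcwd = open(".", O_RDONLY);
    int r, saved_errno;

    if (savedcwd == -1)
        return -1;
    if (fchdir(dirfd) == -1) {
        saved_errno = errno;
        close(savedcwd);
        errno = saved_errno;
        return -1;
    }
    r = bind(s, (struct sockaddr *)&sun, sizeof sun);
    saved_errno = errno;
    (void)fchdir(savedcwd);
    close(savedcwd);
    errno = saved_errno;
    return r;
#endif
}

/* 1 if a 199-byte name is refused with ENAMETOOLONG, i.e. the sun_path limit
 * is enforced before anything reaches the kernel. */
int long_name_rejected(void)
{
    struct sockaddr_un sun;
    char name[200];

    memset(name, 'a', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    return fill_sockaddr_un(&sun, name) == -1 && errno == ENAMETOOLONG;
}

/* Demo: make a scratch directory (constructed name), keep only its descriptor,
 * bind "demo.sock" under it and confirm a socket node appeared via the same
 * descriptor. Returns 0 on success, -1 on failure; cleans up either way. */
int demo_bind_under_dirfd(void)
{
    char dir[64];
    struct stat st;
    int dirfd = -1, s = -1, rv = -1;

    snprintf(dir, sizeof dir, "/tmp/bindat-demo-%ld", (long)getpid());
    if (mkdir(dir, 0700) == -1)
        return -1;
    if ((dirfd = open(dir, O_RDONLY)) == -1)
        goto out;
    if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
        goto out;
    if (bind_under_dir(dirfd, s, "demo.sock") == -1)
        goto out;
    if (fstatat(dirfd, "demo.sock", &st, 0) == -1 || !S_ISSOCK(st.st_mode))
        goto out;
    rv = 0;
out:
    if (dirfd != -1) {
        (void)unlinkat(dirfd, "demo.sock", 0);
        close(dirfd);
    }
    if (s != -1)
        close(s);
    (void)rmdir(dir);
    return rv;
}

int main(void)
{
    printf("long name rejected: %d\n", long_name_rejected());
    printf("bind under dirfd: %s\n",
           demo_bind_under_dirfd() == 0 ? "ok" : strerror(errno));
    return 0;
}
```

The defensive point is in bind_under_dir(): with bindat(2) the only object the process must hold is the directory descriptor, so after cap_enter() it can still create its socket there while having no way to name anything outside that directory; the fallback branch needs a writable working directory and a global fchdir(), which is why it cannot be allowed in capability mode. connectat(2) takes the same four arguments and would replace the bind() call with connect() in the same way.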