Date: Mon, 30 Apr 2018 17:31:12 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 222632] connect(2) not available in capability mode
Message-ID: <bug-222632-227-807UaTcfYy@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-222632-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-222632-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632

--- Comment #24 from commit-hook@freebsd.org ---
A commit references this bug:

Author: emaste
Date: Mon Apr 30 17:31:07 UTC 2018
New revision: 333120
URL: https://svnweb.freebsd.org/changeset/base/333120

Log:
  Disable connectat/bindat with AT_FDCWD in capmode

  Previously it was possible to connect a socket (which had the CAP_CONNECT
  right) by calling "connectat(AT_FDCWD, ...)" even in capabilities mode.
  This combination should be treated the same as a call to connect (i.e.
  forbidden in capabilities mode). Similarly for bindat.

  Disable connectat/bindat with AT_FDCWD in capabilities mode, fix up the
  documentation and add tests.

  PR: 222632
  Submitted by: Jan Kokemüller <jan.kokemueller@gmail.com>
  Reviewed by: Domagoj Stolfa
  MFC after: 1 week
  Relnotes: Yes
  Differential Revision: https://reviews.freebsd.org/D15221

Changes:
  head/share/man/man4/rights.4
  head/sys/kern/uipc_syscalls.c
  head/tests/sys/capsicum/Makefile
  head/tests/sys/capsicum/bindat_connectat.c

-- 
You are receiving this mail because:
You are the assignee for the bug.
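A regression check for the behaviour the commit message above describes, as an added example that is not part of the original mail and is not the project's bindat_connectat.c test. It assumes a FreeBSD system with Capsicum; the function name, result codes and socket path are constructed for illustration, and on other systems the check reports "unsupported".

```c
/* Added example (not FreeBSD's own test). Assumes FreeBSD with Capsicum;
 * on other systems the check returns CHECK_UNSUPPORTED. */
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

enum { CHECK_BLOCKED = 0, CHECK_NOT_BLOCKED = 1, CHECK_UNSUPPORTED = 2 };

/* Fork, enter capability mode in the child, then try connectat(AT_FDCWD). */
int check_connectat_fdcwd(const char *path)
{
#ifdef __FreeBSD__
    int status;
    pid_t pid = fork();
    if (pid < 0) return CHECK_UNSUPPORTED;
    if (pid == 0) {
        struct sockaddr_un sun;
        memset(&sun, 0, sizeof(sun));
        sun.sun_family = AF_UNIX;
        strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
        int s = socket(AF_UNIX, SOCK_STREAM, 0);
        if (s < 0 || cap_enter() != 0)
            _exit(CHECK_UNSUPPORTED);
        /* Any outcome other than ECAPMODE means the kernel processed the call. */
        int r = connectat(AT_FDCWD, s, (struct sockaddr *)&sun, sizeof(sun));
        _exit(r == -1 && errno == ECAPMODE ? CHECK_BLOCKED : CHECK_NOT_BLOCKED);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return CHECK_UNSUPPORTED;
    return WEXITSTATUS(status);
#else
    (void)path; /* Capsicum capability mode is FreeBSD-specific */
    return CHECK_UNSUPPORTED;
#endif
}

int main(void)
{
    /* The socket path is a constructed placeholder; it need not exist. */
    printf("result=%d\n", check_connectat_fdcwd("/tmp/constructed-example.sock"));
    return 0;
}
```

A result of 0 means the call was refused with ECAPMODE; a result of 1 on a FreeBSD host means connectat(AT_FDCWD, ...) was still processed inside capability mode.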