Date: Sat, 8 Dec 2018 01:11:10 +0200
From: Konstantin Belousov <kostikbel@gmail.com>
To: John Baldwin <jhb@FreeBSD.org>
Cc: cem@freebsd.org, src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys
Message-ID: <20181207231110.GJ52540@kib.kiev.ua>
In-Reply-To: <4bcd78df-fb28-1c69-c51e-a50b55c50b1b@FreeBSD.org>
References: <201812071517.wB7FHTiI035911@repo.freebsd.org> <e9e457ed-00f5-705e-55ea-1ad602f34ef0@FreeBSD.org> <20181207174757.GI52540@kib.kiev.ua> <f88691bd-0efb-e49d-8486-1405c5eb11dc@FreeBSD.org> <CAG6CVpW4_=GhLnRktA0uzji0EykrwND-dSDjrz2kHgK3MycO3g@mail.gmail.com> <4bcd78df-fb28-1c69-c51e-a50b55c50b1b@FreeBSD.org>

On Fri, Dec 07, 2018 at 11:34:50AM -0800, John Baldwin wrote:
> On 12/7/18 10:59 AM, Conrad Meyer wrote:
> > On Fri, Dec 7, 2018 at 10:05 AM John Baldwin <jhb@freebsd.org> wrote:
> >> The
> >> requirement for root mostly mitigates this when root vs not-root is your
> >> only privilege. However, a capsicum vs non-capsicum process is a more
> >> recent privilege that is orthogonal to root vs non-root. It might be that
> >> allowing a capsicumized root to create links to files that were intentionally
> >> unlinked by a non-capsicumized root would be the same problem.
> >
> > None of these syscalls were added to sys/kern/capabilities.conf, so I
> > think a capsicum-contained root cannot use them anyway. Maybe I
> > misunderstand how capabilities.conf works, though.
>
> Ok.

FWIW fhopenat(2) was added to capabilities.conf in the original submission.