Date: Thu, 14 Feb 2013 23:05:36 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Jilles Tjoelker <jilles@stack.nl>
Cc: freebsd-arch@FreeBSD.org
Subject: Re: bindat(2) and connectat(2) syscalls for review.
Message-ID: <20130214220536.GA1407@garage.freebsd.pl>
In-Reply-To: <20130213231942.GA94000@stack.nl>
References: <20130213230354.GC1375@garage.freebsd.pl> <20130213231942.GA94000@stack.nl>
On Thu, Feb 14, 2013 at 12:19:42AM +0100, Jilles Tjoelker wrote:
> On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote:
> > I'd like to commit the following patch:
>
> > http://people.freebsd.org/~pjd/patches/bindconnectat.patch
>
> > It implements bindat(2) and connectat(2) syscalls that will allow
> > managing UNIX domain sockets from within a capability mode sandbox.
>
> > They work just like any other *at(2) syscall and their prototypes look
> > like this:
>
> > int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> > int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
>
> > Where 'fd' is a directory descriptor. The only supported socket domain is
> > PF_LOCAL.
>
> > The audit subsystem was updated to audit the new syscalls properly.
>
> These calls are inherently limited to PF_LOCAL anyway, so why not go a
> bit further and accept a pathname instead of a struct sockaddr_un that
> has an arbitrary limit of 104 bytes? This appears possible because new
> usrreqs were created.

This is an interesting idea, which we discussed with Robert, and the
conclusion is that struct sockaddr will stay. Moving to a pathname is a
one-way street, and we could imagine some, maybe odd, but possible
scenarios where 'fd' doesn't represent a directory but something else,
e.g. a vimage-based network stack where other domains might be useful.
Capabilities in FreeBSD are very young and it seems better not to close
too many doors just yet.

As for the 104-byte limit, it is of course not my intention to fix the
limit with those syscalls. While it would be a nice side-effect, it can't
be a reason to select one approach over the other. Also, using a directory
descriptor as a starting point should help to use shorter paths.

> Can the "XXXRW: Revisit this" comments before #bind and #connect in
> sys/kern/capabilities.conf go away now?

This is under discussion :)

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl