Date: Tue, 21 Jan 2014 22:45:11 +0900 From: KAMADA Ken'ichi <kamada@nanohz.org> To: freebsd-security@freebsd.org Subject: Capsicum and sendto(2) Message-ID: <20140121224511WQ%kamada@nanohz.org>
index | next in thread | raw e-mail
Hi, What is the intended behavior of sendto() with non-NULL destination when the capability mode is enabled? If the capability mode is *not* enabled, it is checked against CAP_CONNECT in kern_sendit() @ uipc_syscall.c. This matches the explanation in the rights(4) manual page. However, if the capability mode is enabled, it is always rejected in sendit(). Is this intended? Best regards, Kenhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140121224511WQ%kamada>