From owner-freebsd-bugs@FreeBSD.ORG Wed Jan 1 06:20:00 2014
Resent-Date: Wed, 1 Jan 2014 06:20:00 GMT
Resent-Message-Id: <201401010620.s016K0kc007132@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Jan Beich
Message-Id: <201401010612.s016C8Kn043386@oldred.freebsd.org>
Date: Wed, 1 Jan 2014 06:12:08 GMT
From: Jan Beich
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: kern/185384: [libcapsicum] cap_init(3) doesn't work in multiuser environment
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Bug reports
X-List-Received-Date: Wed, 01 Jan 2014 06:20:00 -0000

>Number:         185384
>Category:       kern
>Synopsis:       [libcapsicum] cap_init(3) doesn't work in multiuser environment
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 01 06:20:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator:     Jan Beich
>Release:
>Organization:
>Environment:
>Description:
While r259581 enabled casperd(8) by default, the socket it creates is owned by root and cannot be written to by anyone else. An existing consumer that tries to contact it via cap_init(3) as non-root fails with a warning like

	tcpdump: WARNING: unable to contact casperd

However, the casperd(8) manpage hints that the -S and -P options can be used to start the daemon with non-default paths. This doesn't seem to work as expected because cap_init(3) hardcodes CASPER_SOCKPATH.
>How-To-Repeat:
$ ktrace ls >/dev/null
$ kdump -r >/dev/null
kdump: unable to contact casperd: Permission denied
$ sudo tcpdump -w foo -i my0
$ tcpdump -r foo >/dev/null
reading from file foo, link-type EN10MB (Ethernet)
tcpdump: WARNING: unable to contact casperd
^C
$ ps lwp $(pgrep casper)
UID PID PPID CPU PRI NI   VSZ  RSS MWCHAN STAT TT      TIME COMMAND
  0 851    1   0  20  0 22788 1988 select Is   -    0:00.00 /sbin/casperd
  0 850    1   0  20  0 22788 1984 select I    v0-  0:00.00 casperd: zygote (casperd)
>Fix:
A trivial workaround for use after login:

# put into ~/.profile or /etc/profile
: ${CASPERD_DIR:=/tmp/casperd-$(id -u)}
mkdir -p -m 0700 "$CASPERD_DIR"
# the name in /tmp is predictable, so refuse a directory or symlink
# that another user pre-created under it
if [ -O "$CASPERD_DIR" ] && [ ! -L "$CASPERD_DIR" ]; then
	casperd -P "$CASPERD_DIR/default.pid" -S "$CASPERD_DIR/default.socket"
	export CASPER_SOCKPATH="$CASPERD_DIR/default.socket"
fi

--- getenv_sockpath.diff begins here ---
Index: lib/libcapsicum/libcapsicum.3 =================================================================== --- lib/libcapsicum/libcapsicum.3 (revision 260159) +++ lib/libcapsicum/libcapsicum.3 (working copy) @@ -218,6 +218,16 @@ The and .Fn cap_unwrap functions always succeed. +.Sh ENVIRONMENT +.Bl -tag -width ".Ev CASPER_SOCKPATH" +.It Ev CASPER_SOCKPATH +Specifies the path to +.Xr unix 4 +domain socket used to communicate with the +.Xr casperd 8 +daemon. If not set, +.Pa /var/run/casper +is used. .Sh EXAMPLES The following example first opens capability to the .Xr casperd 8 Index: lib/libcapsicum/libcapsicum.c =================================================================== --- lib/libcapsicum/libcapsicum.c (revision 260159) +++ lib/libcapsicum/libcapsicum.c (working copy)
@@ -76,7 +76,7 @@ cap_init(void) bzero(&sun, sizeof(sun)); sun.sun_family = AF_UNIX; - strlcpy(sun.sun_path, CASPER_SOCKPATH, sizeof(sun.sun_path)); + strlcpy(sun.sun_path, getenv("CASPER_SOCKPATH") ? : CASPER_SOCKPATH, sizeof(sun.sun_path)); sun.sun_len = SUN_LEN(&sun); sock = socket(AF_UNIX, SOCK_STREAM, 0); --- getenv_sockpath.diff ends here ---

Alternatively, casperd(8) can be run under a dedicated user/group with only one instance.
>Release-Note:
>Audit-Trail:
>Unformatted:
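Review bot: in the libcapsicum.3 hunk the `.Bl -tag` list opened under the new ENVIRONMENT section is never closed; add `.El` after `is used.` and before `.Sh EXAMPLES`, otherwise mandoc complains and the list runs into the next section. mdoc also wants each new sentence on its own line, so split `daemon. If not set,` into `daemon.` and `If not set,`. Check that the documented default `/var/run/casper` is the same string the CASPER_SOCKPATH define in libcapsicum.c expands to, since the man page and the code are the only two places the path appears and they must not drift apart.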
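Review bot: in the libcapsicum.c hunk the environment override is honoured unconditionally, so a set-user-ID or set-group-ID program that links libcapsicum can be pointed at an attacker-supplied socket by whoever sets CASPER_SOCKPATH before exec; gate the getenv() on `!issetugid()`, as libc does for its own environment overrides. Two further points on the same line: `getenv("CASPER_SOCKPATH") ? : CASPER_SOCKPATH` uses the GNU omitted-middle-operand extension, which is not standard C and not style(9), and the line runs past 80 columns. Spell it out before the copy, e.g. `path = getenv("CASPER_SOCKPATH");` then `if (path == NULL) path = CASPER_SOCKPATH;`, and check the strlcpy() return value against sizeof(sun.sun_path) so an overlong override fails with ENAMETOOLONG instead of being silently truncated to a different path.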
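The following is an added example in C, not code from this PR or from FreeBSD's libcapsicum. It reproduces the socket set-up the description attributes to cap_init(3) and shows how an environment override of the socket path would be taken without becoming a hole for set-user-ID consumers: the override is ignored when the process is tainted and rejected when it does not fit sockaddr_un.sun_path. Assumptions, labelled in the code: the default path /var/run/casper is taken from the PR's man page hunk and is assumed to equal libcapsicum's CASPER_SOCKPATH; the variable name CASPER_SOCKPATH is the one used in the PR's workaround; on systems without issetugid(2) a uid/gid comparison stands in for it.

```c
/*
 * Added example, not code from the PR or from FreeBSD's libcapsicum.
 * Mirrors what cap_init(3) does with CASPER_SOCKPATH (per the PR text)
 * and shows how an environment override would be taken safely.
 */
#include <sys/socket.h>
#include <sys/un.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Default from the PR's man page hunk; assumed equal to libcapsicum's define. */
#define CASPER_SOCKPATH "/var/run/casper"
/* Environment variable name as used in the PR's workaround (assumption). */
#define CASPER_SOCKPATH_ENV "CASPER_SOCKPATH"

/*
 * Choose the socket path. `override` is the environment value (NULL if
 * unset); `tainted` is non-zero for a set-user-ID/set-group-ID process.
 * Returns the path to use, or NULL with errno = ENAMETOOLONG when the
 * path cannot be stored in sun_path together with its terminating NUL.
 */
const char *
casper_pick_sockpath(const char *override, int tainted)
{
	const char *path = CASPER_SOCKPATH;

	/* Only trust the environment when nobody else can have set it. */
	if (override != NULL && override[0] != '\0' && !tainted)
		path = override;
	if (strlen(path) >= sizeof(((struct sockaddr_un *)0)->sun_path)) {
		errno = ENAMETOOLONG;
		return (NULL);
	}
	return (path);
}

/*
 * Connect to casperd the way cap_init() does. Returns a connected socket
 * or -1 with errno set; EACCES is what a non-root user gets on the
 * root-owned default socket the PR describes, ENOENT when casperd is not
 * listening at the chosen path at all.
 */
int
casper_connect(const char *override, int tainted)
{
	struct sockaddr_un sun;
	const char *path;
	int sock, saved;

	path = casper_pick_sockpath(override, tainted);
	if (path == NULL)
		return (-1);
	memset(&sun, 0, sizeof(sun));
	sun.sun_family = AF_UNIX;
	memcpy(sun.sun_path, path, strlen(path) + 1);	/* length checked above */
	/* FreeBSD additionally sets sun.sun_len = SUN_LEN(&sun). */
	sock = socket(AF_UNIX, SOCK_STREAM, 0);
	if (sock == -1)
		return (-1);
	if (connect(sock, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
		saved = errno;
		close(sock);
		errno = saved;
		return (-1);
	}
	return (sock);
}

/* issetugid(2) where it exists; otherwise a uid/gid comparison (assumption). */
static int
process_is_tainted(void)
{
#if defined(__FreeBSD__) || defined(__OpenBSD__)
	return (issetugid());
#else
	return (getuid() != geteuid() || getgid() != getegid());
#endif
}

int
main(void)
{
	int sock;

	sock = casper_connect(getenv(CASPER_SOCKPATH_ENV), process_is_tainted());
	if (sock == -1) {
		fprintf(stderr, "unable to contact casperd: %s\n", strerror(errno));
		return (1);
	}
	printf("connected to casperd on fd %d\n", sock);
	close(sock);
	return (0);
}
```

Run as an unprivileged user against the default socket the error is the PR's "Permission denied"; with CASPER_SOCKPATH pointing at a socket started with `casperd -S`, the connect succeeds, but only when the binary is not set-user-ID, which is the check the PR's one-line patch lacks.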