Date: Tue, 21 Jan 2014 12:21:50 -0600
From: Brooks Davis <brooks@freebsd.org>
To: "KAMADA Ken'ichi" <kamada@nanohz.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Capsicum and sendto(2)
Message-ID: <20140121182150.GB80341@lor.one-eyed-alien.net>
In-Reply-To: <20140121224511WQ%kamada@nanohz.org>
References: <20140121224511WQ%kamada@nanohz.org>
On Tue, Jan 21, 2014 at 10:45:11PM +0900, KAMADA Ken'ichi wrote:
> Hi,
>
> What is the intended behavior of sendto() with non-NULL destination
> when the capability mode is enabled?
>
> If the capability mode is *not* enabled, it is checked against
> CAP_CONNECT in kern_sendit() @ uipc_syscall.c.
> This matches the explanation in the rights(4) manual page.
>
> However, if the capability mode is enabled, it is always
> rejected in sendit(). Is this intended?

Yes, this is intended. In capability mode all access to namespaces is
restricted including the IP address namespace. You must either connect
your sockets before entering capability mode or use casper to provide
connected sockets.

-- Brooks
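The behaviour described in the reply above, as an added example that is not part of the original message or of FreeBSD's own code: a UDP socket is connected before cap_enter(), after which sendto() with a destination is refused while send() on the connected socket still works. The function name, the loopback peer on port 9 and the exit-code convention are assumptions made for the illustration; ECAPMODE is the errno FreeBSD returns for capability-mode violations.

```c
/* Added example, not code from the thread. FreeBSD only; elsewhere it builds as a stub. */
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>  /* assumption: current header; FreeBSD 10.0 used <sys/capability.h> */
#endif

/* Runs in a forked child because cap_enter() cannot be undone.
 * Returns 0 if the kernel behaves as described in the thread, 1 if it does not,
 * -1 on setup failure or on a platform without Capsicum. */
int capmode_sendto_check(void)
{
#ifdef __FreeBSD__
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct sockaddr_in dst;               /* constructed peer: 127.0.0.1:9 */
        memset(&dst, 0, sizeof(dst));
        dst.sin_len = sizeof(dst);
        dst.sin_family = AF_INET;
        dst.sin_port = htons(9);
        dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

        int s = socket(AF_INET, SOCK_DGRAM, 0);
        /* Name the peer while the IP address namespace is still reachable. */
        if (s < 0 || connect(s, (struct sockaddr *)&dst, sizeof(dst)) < 0) _exit(2);

        cap_rights_t rights;                  /* keep only the right the sandbox needs */
        cap_rights_init(&rights, CAP_SEND);
        if (cap_rights_limit(s, &rights) < 0 || cap_enter() < 0) _exit(2);

        /* A destination address is a namespace access: expect ECAPMODE. */
        ssize_t n = sendto(s, "x", 1, 0, (struct sockaddr *)&dst, sizeof(dst));
        if (n >= 0 || errno != ECAPMODE) _exit(1);
        /* The pre-connected socket still sends when no destination is given. */
        if (send(s, "x", 1, 0) != 1) _exit(1);
        _exit(0);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 2) return -1;
    return WEXITSTATUS(st);
#else
    return -1;                                /* no Capsicum on this platform */
#endif
}
```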
