Date: Tue, 21 Jan 2014 12:21:50 -0600 From: Brooks Davis <brooks@freebsd.org> To: "KAMADA Ken'ichi" <kamada@nanohz.org> Cc: freebsd-security@freebsd.org Subject: Re: Capsicum and sendto(2) Message-ID: <20140121182150.GB80341@lor.one-eyed-alien.net> In-Reply-To: <20140121224511WQ%kamada@nanohz.org> References: <20140121224511WQ%kamada@nanohz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--bCsyhTFzCvuiizWE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 21, 2014 at 10:45:11PM +0900, KAMADA Ken'ichi wrote: > Hi, >=20 > What is the intended behavior of sendto() with non-NULL destination > when the capability mode is enabled? >=20 > If the capability mode is *not* enabled, it is checked against > CAP_CONNECT in kern_sendit() @ uipc_syscall.c. > This matches the explanation in the rights(4) manual page. >=20 > However, if the capability mode is enabled, it is always > rejected in sendit(). Is this intended? Yes, this is intended. In capabilty mode all access to namespaces is=20 restricted including the IP address namespace. You must either connect your sockets before entereing capabilty mode or use casper to provide connected sockets. -- Brooks --bCsyhTFzCvuiizWE Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (FreeBSD) iD8DBQFS3rq8XY6L6fI4GtQRApKfAKDlxqHfgGJL/CLL2q3mIJKHWJclCwCgx46d X4F4WJLKyFnLt7AW2zpSfys= =8J8r -----END PGP SIGNATURE----- --bCsyhTFzCvuiizWE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140121182150.GB80341>