Date:      Fri, 7 Dec 2018 10:59:59 -0800
From:      Conrad Meyer <cem@freebsd.org>
To:        John Baldwin <jhb@freebsd.org>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys
Message-ID:  <CAG6CVpW4_=GhLnRktA0uzji0EykrwND-dSDjrz2kHgK3MycO3g@mail.gmail.com>
In-Reply-To: <f88691bd-0efb-e49d-8486-1405c5eb11dc@FreeBSD.org>
References:  <201812071517.wB7FHTiI035911@repo.freebsd.org> <e9e457ed-00f5-705e-55ea-1ad602f34ef0@FreeBSD.org> <20181207174757.GI52540@kib.kiev.ua> <f88691bd-0efb-e49d-8486-1405c5eb11dc@FreeBSD.org>

On Fri, Dec 7, 2018 at 10:05 AM John Baldwin <jhb@freebsd.org> wrote:
> The
> requirement for root mostly mitigates this when root vs not-root is your
> only privilege.  However, a capsicum vs non-capsicum process is a more
> recent privilege that is orthogonal to root vs non-root.  It might be that
> allowing a capsicumized root to create links to files that were intentionally
> unlinked by a non-capsicumized root would be the same problem.

None of these syscalls were added to sys/kern/capabilities.conf, so I
think a capsicum-contained root cannot use them anyway.  Maybe I
misunderstand how capabilities.conf works, though.

Best,
Conrad