From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 222258] renameat(2) capability error with absolute path names outside of a sandbox
Date: Sat, 16 Sep 2017 16:02:00 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 11.0-RELEASE
X-Bugzilla-Status: Open
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222258

--- Comment #8 from Ed Maste ---
namei() doesn't populate ndp->ni_filecaps when it performs an absolute path lookup (which is how we ended up with an invalid capability set, prompting D12391). This works for most cases of rights checks because the check is done in namei against the passed-in set of required rights (e.g., when unlinkat calls namei with CAP_UNLINKAT required), but not in the case here where an explicit check is performed afterwards in namei's caller. Of course this is irrelevant for capability mode because the absolute path is disallowed anyway. For non-capability mode I wonder if we need to fgetvp_rights also in the absolute path case?
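A simplified user-space model of the behaviour described in comment #8, added here as an illustration; it is not FreeBSD kernel code and not part of the bug report. The rights bits, `namei_model`, `caller_model`, the `fill_on_abs` switch and the errno constant are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for capability rights and the errno value. */
#define MODEL_LOOKUP      (1u << 0)
#define MODEL_UNLINKAT    (1u << 1)
#define MODEL_ENOTCAPABLE 93

struct nd_model {
	uint32_t ni_filecaps;	/* rights recorded by the lookup; 0 = unpopulated */
};

/*
 * Lookup outside capability mode. A relative lookup starts at dirfd, so the
 * required rights are checked here and dirfd's rights are recorded. An
 * absolute lookup ignores dirfd: nothing is checked, and nothing is recorded
 * unless fill_on_abs is set (modelling the option raised in the comment).
 */
static int
namei_model(struct nd_model *ndp, const char *path, uint32_t dirfd_rights,
    uint32_t required, int fill_on_abs)
{
	ndp->ni_filecaps = 0;
	if (path[0] == '/') {
		if (fill_on_abs)
			ndp->ni_filecaps = dirfd_rights;
		return (0);
	}
	if ((dirfd_rights & required) != required)
		return (MODEL_ENOTCAPABLE);
	ndp->ni_filecaps = dirfd_rights;
	return (0);
}

/* A caller that performs its own explicit check after the lookup returns. */
static int
caller_model(const char *path, uint32_t dirfd_rights, uint32_t required,
    uint32_t extra, int fill_on_abs)
{
	struct nd_model nd;
	int error = namei_model(&nd, path, dirfd_rights, required, fill_on_abs);

	if (error != 0)
		return (error);
	return ((nd.ni_filecaps & extra) == extra ? 0 : MODEL_ENOTCAPABLE);
}

int
main(void)
{
	uint32_t all = MODEL_LOOKUP | MODEL_UNLINKAT;

	printf("relative: %d\n", caller_model("dir/f", all, MODEL_LOOKUP, MODEL_UNLINKAT, 0));
	printf("absolute: %d\n", caller_model("/tmp/f", all, MODEL_LOOKUP, MODEL_UNLINKAT, 0));
	printf("absolute, filled: %d\n", caller_model("/tmp/f", all, MODEL_LOOKUP, MODEL_UNLINKAT, 1));
	return (0);
}
```

In the model the absolute-path call fails the caller's check even though the descriptor holds every right, because the rights set the caller inspects was never filled in.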