Date:      Sat, 16 Sep 2017 16:02:00 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 222258] renameat(2) capability error with absolute path names outside of a sandbox
Message-ID:  <bug-222258-8-F5ua89AfNY@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-222258-8@https.bugs.freebsd.org/bugzilla/>
References:  <bug-222258-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222258

--- Comment #8 from Ed Maste <emaste@freebsd.org> ---
namei() doesn't populate ndp->ni_filecaps when it performs an absolute path
lookup (which is how we ended up with an invalid capability set, prompting
D12391). This works for most cases of rights checks because the check is done
in namei against the passed-in set of required rights (e.g., when unlinkat
calls namei with CAP_UNLINKAT required), but not in the case here where an
explicit check is performed afterwards in namei's caller. Of course this is
irrelevant for capability mode because the absolute path is disallowed anyway.
For non-capability mode I wonder if we need to fgetvp_rights also in the
absolute path case?
