From owner-svn-src-head@freebsd.org  Tue Sep  3 14:07:02 2019
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3F34EDD1F0;
 Tue,  3 Sep 2019 14:06:57 +0000 (UTC)
 (envelope-from yuripv@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 46N8006BV4z4Q4D;
 Tue,  3 Sep 2019 14:06:56 +0000 (UTC)
 (envelope-from yuripv@freebsd.org)
Received: by freefall.freebsd.org (Postfix, from userid 1452)
 id 7574C1ADE7; Tue,  3 Sep 2019 14:06:22 +0000 (UTC)
X-Original-To: yuripv@localmail.freebsd.org
Delivered-To: yuripv@localmail.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [96.47.72.80])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (Client CN "mx1.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by freefall.freebsd.org (Postfix) with ESMTPS id E6D681B6BA;
 Tue, 16 Apr 2019 13:20:25 +0000 (UTC)
 (envelope-from owner-src-committers@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 3D9A48BCA0;
 Tue, 16 Apr 2019 13:20:25 +0000 (UTC)
 (envelope-from owner-src-committers@freebsd.org)
Received: by freefall.freebsd.org (Postfix, from userid 538)
 id 1A56C1B677; Tue, 16 Apr 2019 13:20:25 +0000 (UTC)
Delivered-To: src-committers@localmail.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [96.47.72.80])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (Client CN "mx1.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by freefall.freebsd.org (Postfix) with ESMTPS id 7AED31B670
 for <src-committers@localmail.freebsd.org>;
 Tue, 16 Apr 2019 13:20:22 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com
 [IPv6:2607:f8b0:4864:20::82a])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 461DD8BC93
 for <src-committers@freebsd.org>; Tue, 16 Apr 2019 13:20:22 +0000 (UTC)
 (envelope-from shawn.webb@hardenedbsd.org)
Received: by mail-qt1-x82a.google.com with SMTP id z16so23224806qtn.4
 for <src-committers@freebsd.org>; Tue, 16 Apr 2019 06:20:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=hardenedbsd.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to:user-agent;
 bh=7/HKjswzcI5RPNxTg/hAVI6NF3iPXMKNwF2/ITgGCj8=;
 b=e1+veL3HkNBpinLVZl+QSHd4j4JiY1ci/JXzgbHjzyunpQpznJPkP2lXMm+Pe11URC
 HXgZNdq3iKFuruhbO/Q0TUNZe1ElRpQIPRR4dfLDDzvswQxiA5+3fxckSXsbzhbmGZmS
 fOQsnCEjPxxNvCtQ0g7xDuA0uqTH3E5nIm1Wt4zRqEhplRKlkdXJER0sCebkvC/lb6EX
 vfF/aRxFyJZpTbGFM3X6CnBmDpUmsHAuEeaejBoN7cNVOhNoV5Xz+77XiGR5UhFX3+zU
 9h++/d96AvB8R0leruHZkvapFvUdwhWPhdRpLsJGQtSctobV3ZrP38mKIud/nkRBA/x4
 +4Ew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to:user-agent;
 bh=7/HKjswzcI5RPNxTg/hAVI6NF3iPXMKNwF2/ITgGCj8=;
 b=GmhkUdiJuxrlSeZ6UqUHt8UW6iFWJADH5kX6fUhI9h1P2KVTpDxUVZCgYkk5mDonj+
 IPqae6xRUCTrdvp3yKR9TBN/pRYLYcju4SUQ9CGQ/SIpeaWQSptFbly5gLAKyuCPRA85
 QngN4H4Yd4i9jveHmOKNK4Efz2a8dcmg5ER27gQQMUOz6Ux23oFiBJduNawd2aabvmfb
 ncJwA4Itf/E2gyujvD3gqHEvNFw7zhkj/uvH028hCyl8azU8Imiojng7zSLMsYrsTN/U
 8eSzrMXRLwnhfuFdPRlWKZgEHx+Hg7007u3+Zelna45REmC4ATaxtz5hyhFkjAjsRB6O
 CSxQ==
X-Gm-Message-State: APjAAAUgRn8fesDn1wZ3EYby64I14Sz0/uBYkVfrqJMyqW9lu1VjzUkG
 7GeMTBPRXJkPsIZ5jJVtnOSt6g==
X-Google-Smtp-Source: APXvYqx18N+YnmkU0qNoZ35oSmQD9+dGKq36lZH0tj64bZFQZiQ8OIqwxvCf3hfaaFOOfl/2yIi1Hg==
X-Received: by 2002:ac8:33dd:: with SMTP id d29mr65183528qtb.320.1555420821685; 
 Tue, 16 Apr 2019 06:20:21 -0700 (PDT)
Received: from mutt-hbsd ([151.196.118.239])
 by smtp.gmail.com with ESMTPSA id q51sm35502302qtc.38.2019.04.16.06.20.20
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 16 Apr 2019 06:20:20 -0700 (PDT)
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Mariusz Zaborski <oshogbo@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: Re: svn commit: r346263 - head/contrib/tcpdump
Message-ID: <20190416131915.2ocot4nonnf3sl4a@mutt-hbsd>
References: <201904160412.x3G4CgN2015092@repo.freebsd.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="epj5rmk7yofcyaoj"
Content-Disposition: inline
In-Reply-To: <201904160412.x3G4CgN2015092@repo.freebsd.org>
X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT-HBSD FreeBSD
 13.0-CURRENT-HBSD  HARDENEDBSD-13-CURRENT  amd64
X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xFF2E67A277F8E1FA
User-Agent: NeoMutt/20180716
Precedence: bulk
X-Loop: FreeBSD.org
Sender: owner-src-committers@freebsd.org
X-Rspamd-Queue-Id: 3D9A48BCA0
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-6.96 / 15.00];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 NEURAL_HAM_SHORT(-0.96)[-0.963,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]
Status: O
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.29
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
Date: Tue, 03 Sep 2019 14:07:02 -0000
X-Original-Date: Tue, 16 Apr 2019 09:19:15 -0400
X-List-Received-Date: Tue, 03 Sep 2019 14:07:02 -0000


--epj5rmk7yofcyaoj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 16, 2019 at 04:12:42AM +0000, Mariusz Zaborski wrote:
> Author: oshogbo
> Date: Tue Apr 16 04:12:41 2019
> New Revision: 346263
> URL: https://svnweb.freebsd.org/changeset/base/346263
>=20
> Log:
>   tcpdump: disable Capsicum if -E option is provided.
>  =20
>   The -E is used to provide a secret for decrypting IPsec.
>   The secret may be provided through command line or as the file.
>   The problem is that tcpdump doesn't support yet opening files in capabi=
lity mode
>   and the file may contain a list of the files to open.
>  =20
>   As a workaround, for now, let's just disable capsicum if the -E
>   the option is provided.
>  =20
>   PR:		236819
>   MFC after:	2 weeks
>=20
> Modified:
>   head/contrib/tcpdump/tcpdump.c
>=20
> Modified: head/contrib/tcpdump/tcpdump.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/contrib/tcpdump/tcpdump.c	Tue Apr 16 02:48:04 2019	(r346262)
> +++ head/contrib/tcpdump/tcpdump.c	Tue Apr 16 04:12:41 2019	(r346263)
> @@ -2063,7 +2063,8 @@ main(int argc, char **argv)
>  	}
> =20
>  #ifdef HAVE_CAPSICUM
> -	cansandbox =3D (VFileName =3D=3D NULL && zflag =3D=3D NULL);
> +	cansandbox =3D (VFileName =3D=3D NULL && zflag =3D=3D NULL &&
> +	    ndo->ndo_espsecret =3D=3D NULL);
>  #ifdef HAVE_CASPER
>  	cansandbox =3D (cansandbox && (ndo->ndo_nflag || capdns !=3D NULL));
>  #else

Is there any documentation anywhere telling users that Capsicum
support will be disabled under certain circumstances?

Thanks,

--=20
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera@is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2

--epj5rmk7yofcyaoj
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAly11k0ACgkQ/y5nonf4
4fowyBAAosXBRr/wadcuilGpEb9c6ytfp+mBiubhDc2s3cNgth5yEIY9RxZBU1SS
cshIWcTPdmyb063/0HLroBaqJZmnw3Rro+esu+Oirh+0rj3W1GSxqHE4yohr2iux
Q1i8/C4wUVI7hvUHvs44/NqOxPhnOr34KL+YgQ6T8R7H1HVD+Jfh9Zo/apkUKBVC
5WorHPu9u9sxAyIQ16PZvS9TzbD/u4LzYSGABa78whk9IUU/MG9LBIC+kjwV9nBv
ZpWrdfqIJsOzeY3BM8XYWqBXQdXCR0xQVrQm2h5Kx+9qB+93ptxx8TI2bi3CCZUd
qtbjjvk0bHH6rIJWBNG+3qzt1ouGF9utHIHYkmb8RyUPKRx6UB8MBbV+a5C1Txry
MSG7wwtcYz/73c4RAY5whI7DfHi/2sd1nbOfJcVcH3TObZQRMvr9PGE320RFMmK8
SpfBp7PkTjiSlwli6Ci6nqjg6mFcvFM24UvoJ/4aDjp0HNfAyWFEqr5kEtALBC4V
WZFCLpNwwlhO0XTZBhJXqpDPRDO94z01cQVkv5OAPZNLm9SUSZnAHmHLyUs68yhI
LzbRV1swUi80sI/7hC+YVT09tmbcFm3TVOqVvhXxBVcqUrY3J3+fufVRctTXFYWf
HlCSfoG/l6RXmo1OYanEIW3DSSVYXcBgmjV6eZk0FL2cwyrdErA=
=edr2
-----END PGP SIGNATURE-----

--epj5rmk7yofcyaoj--