From: Jilles Tjoelker
Date: Tue, 17 Sep 2013 20:48:20 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r255657 - head/sys/compat/freebsd32

Author: jilles
Date: Tue Sep 17 20:48:19 2013
New Revision: 255657
URL: http://svnweb.freebsd.org/changeset/base/255657

Log:
  Disallow cap_enter() in freebsd32 compatibility mode.

  The freebsd32 compatibility mode (for running 32-bit binaries on 64-bit
  kernels) does not currently allow any system calls in capability mode, but
  still permits cap_enter(). As a result, 32-bit binaries on 64-bit kernels
  that use capability mode do not work (they crash after being disallowed to
  call sys_exit()). Affected binaries include dhclient and uniq. The latter's
  crashes cause obscure build failures.

  This commit makes freebsd32 cap_enter() fail with [ENOSYS], as if
  capability mode was not compiled in. Applications deal with this by doing
  their work without capability mode.

  This commit does not fix the uncommon situation where a 64-bit process
  enters capability mode and then executes a 32-bit binary using fexecve().

  This commit should be reverted when allowing the necessary freebsd32 system
  calls in capability mode.

Reviewed by: pjd Approved by: re (hrs) Modified: head/sys/compat/freebsd32/freebsd32_capability.c head/sys/compat/freebsd32/syscalls.master Modified: head/sys/compat/freebsd32/freebsd32_capability.c ============================================================================== --- head/sys/compat/freebsd32/freebsd32_capability.c Tue Sep 17 20:33:42 2013 (r255656) +++ head/sys/compat/freebsd32/freebsd32_capability.c Tue Sep 17 20:48:19 2013 (r255657) @@ -49,6 +49,18 @@ __FBSDID("$FreeBSD$"); MALLOC_DECLARE(M_FILECAPS); int +freebsd32_cap_enter(struct thread *td, + struct freebsd32_cap_enter_args *uap) +{ + + /* + * We do not have an equivalent of capabilities.conf for freebsd32 + * compatibility, so do not allow capability mode for now. + */ + return (ENOSYS); +} + +int freebsd32_cap_ioctls_limit(struct thread *td, struct freebsd32_cap_ioctls_limit_args *uap) { @@ -136,6 +148,14 @@ out: #else /* !CAPABILITIES */ int +freebsd32_cap_enter(struct thread *td, + struct freebsd32_cap_enter_args *uap) +{ + + return (ENOSYS); +} + +int freebsd32_cap_ioctls_limit(struct thread *td, struct freebsd32_cap_ioctls_limit_args *uap) { Modified: head/sys/compat/freebsd32/syscalls.master ============================================================================== --- head/sys/compat/freebsd32/syscalls.master Tue Sep 17 20:33:42 2013 (r255656) +++ head/sys/compat/freebsd32/syscalls.master Tue Sep 17 20:48:19 2013 (r255657) @@ -973,7 +973,7 @@ 514 AUE_NULL OBSOL cap_new 515 AUE_CAP_RIGHTS_GET NOPROTO { int __cap_rights_get(int version, \ int fd, cap_rights_t *rightsp); } -516 AUE_CAP_ENTER NOPROTO { int cap_enter(void); } +516 AUE_CAP_ENTER STD { int freebsd32_cap_enter(void); } 517 AUE_CAP_GETMODE NOPROTO { int cap_getmode(u_int *modep); } 518 AUE_PDFORK NOPROTO { int pdfork(int *fdp, int flags); } 519 AUE_PDKILL NOPROTO { int pdkill(int fd, int signum); }
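
Review bot: In the first freebsd32_capability.c hunk (@@ -49,6 +49,18 @@), the comment in freebsd32_cap_enter() says only "do not allow capability mode for now", which reads as if 32-bit processes can never be in capability mode after this change. The log message states that a 64-bit process which has already entered capability mode can still run a 32-bit binary via fexecve(), and that the stub should be reverted once the freebsd32 system calls are allowed. Please record both points in the code comment so that whoever later touches this function knows the stub is temporary and that the fexecve() path remains open.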
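
Review bot: In the second freebsd32_capability.c hunk (@@ -136,6 +148,14 @@), the freebsd32_cap_enter() added under "#else /* !CAPABILITIES */" has the same body as the copy added in the first hunk: both return ENOSYS unconditionally. While the stub behaves the same in both configurations, a single definition outside the conditional block would avoid two copies that can drift apart. If the duplication is deliberate, to match how freebsd32_cap_ioctls_limit() is laid out and to keep the eventual revert simple, a one-line comment on this second copy saying so would help.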
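
Review bot: In the syscalls.master hunk (@@ -973,7 +973,7 @@), entry 516 changes from NOPROTO cap_enter to STD freebsd32_cap_enter, but the list of modified files contains only freebsd32_capability.c and syscalls.master. The new function takes struct freebsd32_cap_enter_args, which comes from the files generated from syscalls.master, so the tree will not pick up the new entry until those files are regenerated. Please confirm the regeneration follows as a separate commit. The audit event stays AUE_CAP_ENTER, so attempts from 32-bit processes that now fail with ENOSYS remain auditable, which is worth keeping when this is reverted.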