From: Patrick Kelsey
To: Andrey Chernov
Cc: George Neville-Neil, current
Date: Thu, 11 Sep 2014 12:38:02 -0400
Subject: Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient
In-Reply-To: <540FF706.2050400@freebsd.org>
References: <540E14C4.9080201@freebsd.org> <540E26E6.5070700@freebsd.org> <540FF706.2050400@freebsd.org>
List-Id: Discussions about the use of FreeBSD-current

On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov wrote:
> On 09.09.2014 21:53, Patrick Kelsey wrote:
> > I don't think it is worth the trouble, as given the larger pattern of
> > libc routines requiring multiple capsicum rights, it seems one will in
> > general have to have libc implementation knowledge when using it in
> > concert with capsicum. For example, consider the limitfd() routine in
> > kdump.c, which provides rights for the TIOCGETA ioctl to be used on
> > stdout so the eventual call to isatty() via printf() will work as
> > intended.
> >
> > I think the above kdump example is a good one for the subtle issues that
> > can arise when using capsicum with libc. That call to isatty() is via a
> > widely-used internal libc routine __smakebuf(). __smakebuf() also calls
> > __swhatbuf(), which in turn calls _fstat(), all to make sure that output
> > to a tty is line buffered by default. It would appear that programs
> > that restrict rights on stdout without allowing CAP_IOCTL and CAP_FSTAT
> > could be disabling the normally default line buffering when stdout is a
> > tty. kdump goes the distance, but dhclient does not (restricting stdout
> > to CAP_WRITE only).
> >
> > In any event, the patch attached to my first message is seeming like the
> > way to go.
>
> Well, then commit it (if capsicum team agrees).
>

Will do - thanks for the feedback.

-Patrick