Date:      Thu, 1 Apr 2021 14:01:16 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: b8ae450f05e6 - main - traceroute6: Fix Capsicum rights for rcvsock
Message-ID:  <202104011401.131E1G1c049354@gitrepo.freebsd.org>

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b8ae450f05e62a851f444edaf7db2506ff99aa37

commit b8ae450f05e62a851f444edaf7db2506ff99aa37
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-04-01 13:58:32 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-04-01 14:00:29 +0000

    traceroute6: Fix Capsicum rights for rcvsock
    
    - Always use distinct sockets for send and recv
    - Limit rights on the recv socket
    
    For ICMP6 we were using the same socket for both send and receive, and
    we limited rights on the socket such that it's impossible to receive
    anything.
    
    PR:             254623
    Diagnosed by:   Zhenlei Huang <zlei.huang@gmail.com>
    Reviewed by:    oshogbo
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D29523
---
 usr.sbin/traceroute6/traceroute6.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/traceroute6/traceroute6.c b/usr.sbin/traceroute6/traceroute6.c
index 7663283a6c44..8449a9861302 100644
--- a/usr.sbin/traceroute6/traceroute6.c
+++ b/usr.sbin/traceroute6/traceroute6.c
@@ -578,8 +578,6 @@ main(int argc, char *argv[])
 	 */
 	switch (useproto) {
 	case IPPROTO_ICMPV6:
-		sndsock = rcvsock;
-		break;
 	case IPPROTO_NONE:
 	case IPPROTO_SCTP:
 	case IPPROTO_TCP:
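Review bot: with its body removed, "case IPPROTO_ICMPV6:" is now an empty label that falls into the IPPROTO_NONE/IPPROTO_SCTP/IPPROTO_TCP group, so ICMPv6 takes whatever send-socket setup that shared branch performs. The branch body is not visible in this hunk, so it is worth confirming that it creates sndsock with a protocol suitable for ICMPv6 probes. If the comment that ends just above the switch still describes ICMPv6 reusing rcvsock for sending, it should be updated in the same change.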
@@ -928,7 +926,6 @@ main(int argc, char *argv[])
 	 * namespaces (e.g filesystem) is restricted (see capsicum(4)).
 	 * We must connect(2) our socket before this point.
 	 */
-
 	if (caph_enter_casper() < 0) {
 		fprintf(stderr, "caph_enter_casper: %s\n", strerror(errno));
 		exit(1);
@@ -940,6 +937,12 @@ main(int argc, char *argv[])
 		    strerror(errno));
 		exit(1);
 	}
+	cap_rights_init(&rights, CAP_RECV);
+	if (caph_rights_limit(rcvsock, &rights) < 0) {
+		fprintf(stderr, "caph_rights_limit rcvsock: %s\n",
+		    strerror(errno));
+		exit(1);
+	}
 
 	/*
 	 * Main loop
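Review bot: rcvsock is limited to CAP_RECV alone in the added cap_rights_init(&rights, CAP_RECV) call. That is the minimum for recvmsg(2), but if the main loop waits on rcvsock with poll(2), select(2) or kevent(2), those need CAP_EVENT, and any setsockopt(2) on rcvsock after this point would need CAP_SETSOCKOPT. The wait path is not visible here, so please confirm which calls touch rcvsock after the limit is applied and add CAP_EVENT if a readiness wait is used. A regression test that runs an ICMPv6 trace to a reachable host would catch both the original bug and an over-tight rights set.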


