Date:      Tue, 26 Sep 2017 18:06:15 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Ben Laurie <ben@links.org>
Cc:        "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org>
Subject:   Re: Capsicum and connect(2)
Message-ID:  <20170926220615.qd5e5pzmgmkrdg3x@mutt-hbsd>
In-Reply-To: <CAG5KPzwW3jnvLk0ZBqJhqVRQkGSNt5LOYRK=eBcRBMhk4gDQJw@mail.gmail.com>
References:  <20170926193753.eolxa6lk5qvejtgc@mutt-hbsd> <CAG5KPzwW3jnvLk0ZBqJhqVRQkGSNt5LOYRK=eBcRBMhk4gDQJw@mail.gmail.com>

Perhaps. But if the file descriptor is given the CAP_CONNECT capability, I
should be able to call connect(2) on it, right? The manpage for
connect(2) does not state that connect(2) is fully disallowed, even if
CAP_CONNECT is a granted capability.

On Tue, Sep 26, 2017 at 10:02:53PM +0000, Ben Laurie wrote:
> ECAPMODE means the syscall is forbidden, surely?
>
> On 26 September 2017 at 20:37, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> > Hey All,
> >
> > I'm working on applying Capsicum to Tor. I've got a PoC design for how
> > I'm going to do it posted here:
> >
> > https://github.com/lattera/PoCs/tree/master/capsicum_fdpassing
> >
> > Note that the above code might have ugly spots. It's mostly just a brain
> > dump.
> >
> > Essentially, the child process creates the socket and passes the
> > socket's file descriptor back to the parent. The socket file descriptor
> > has the capability sets already applied to it before it goes back to
> > the parent. The socket creation and file descriptor passing seem to
> > work well.
> >
> > However, what isn't working is calling connect(2) on the socket file
> > descriptor in the parent. errno gets set to ECAPMODE. This is puzzling
> > to me since CAP_CONNECT is set on the descriptor.
> >
> > Any help would be appreciated.
> >
> > Thanks,
> >
> > --
> > Shawn Webb
> > Cofounder and Security Engineer
> > HardenedBSD
> >
> > GPG Key ID:          0x6A84658F52456EEE
> > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
