Date:      Wed, 28 Mar 2018 14:35:25 +0000 (UTC)
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r331678 - stable/11/lib/libc/sys
Message-ID:  <201803281435.w2SEZPWS001334@repo.freebsd.org>

Author: emaste
Date: Wed Mar 28 14:35:24 2018
New Revision: 331678
URL: https://svnweb.freebsd.org/changeset/base/331678

Log:
  MFC Capsicum open(2) and openat(2) documentation
  
  r306537 by cem: open.2: Document Capsicum behavior
  
  Document open(2) and openat(2) behavior in Capsicum capability mode.
  
  Sponsored by:	Dell EMC Isilon
  
  r323622 by emaste: open(2): update ENOTCAPABLE description for .. lookups
  
  After r308732 (MFC of r308212) Capsicum permits .. lookups in capability
  mode, as long as path component traversal does not escape the directory
  corresponding to the provided file descriptor.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  stable/11/lib/libc/sys/open.2
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/lib/libc/sys/open.2
==============================================================================
--- stable/11/lib/libc/sys/open.2	Wed Mar 28 14:33:35 2018	(r331677)
+++ stable/11/lib/libc/sys/open.2	Wed Mar 28 14:35:24 2018	(r331678)
@@ -28,7 +28,7 @@
 .\"     @(#)open.2	8.2 (Berkeley) 11/16/93
 .\" $FreeBSD$
 .\"
-.Dd November 22, 2016
+.Dd March 28, 2018
 .Dt OPEN 2
 .Os
 .Sh NAME
@@ -95,6 +95,28 @@ parameter, the current working directory is used
 and the behavior is identical to a call to
 .Fn open .
 .Pp
+In
+.Xr capsicum 4
+capability mode,
+.Fn open
+is not permitted.
+The
+.Fa path
+argument to
+.Fn openat
+must be strictly relative to a file descriptor
+.Fa fd ,
+as defined in
+.Pa sys/kern/vfs_lookup.c .
+.Fa path
+must not be an absolute path and must not contain ".." components.
+Additionally, no symbolic link in
+.Fa path
+may contain ".." components either.
+.Fa fd
+must not be
+.Dv AT_FDCWD .
+.Pp
 The flags specified are formed by
 .Em or Ns 'ing
 the following values
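Review bot: the new paragraph says .Fa path "must not contain ".." components" and that no symbolic link in it may contain ".." either, but the log message for r323622 states that after r308732 Capsicum permits ".." lookups in capability mode as long as traversal does not escape the directory the descriptor refers to, and the ENOTCAPABLE entry added further down in this same change documents exactly that relaxed rule. The page now contradicts itself; suggest rewording this paragraph to match the error entry, for example "A ".." component is permitted only if it does not lead to a directory outside the hierarchy referenced by .Fa fd , and the same restriction applies to any symbolic link encountered during the lookup." Two smaller points: mdoc normally sets a literal path fragment such as ".." with .Dq Pa .. rather than bare ASCII quotes, and "as defined in .Pa sys/kern/vfs_lookup.c" sends the reader to kernel source for the meaning of "strictly relative"; stating the rule in the page itself is more useful to someone without the tree.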
@@ -457,6 +479,17 @@ nor a file descriptor associated with a directory.
 .It Bq Er ENOTDIR
 .Dv O_DIRECTORY
 is specified and the file is not a directory.
+.It Bq Er ECAPMODE
+.Dv AT_FDCWD
+is specified and the process is in capability mode.
+.It Bq Er ECAPMODE
+.Fn open
+was called and the process is in capability mode.
+.It Bq Er ENOTCAPABLE
+.Fa path
+is an absolute path or contained a ".." component leading to a
+directory outside of the directory hierarchy specified by
+.Fa fd .
 .El
 .Sh SEE ALSO
 .Xr chmod 2 ,
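Review bot: the ENOTCAPABLE entry mixes tenses ("is an absolute path or contained a ".." component"); suggest "is an absolute path or contains a ".." component that leads to a directory outside the directory hierarchy specified by .Fa fd" so both clauses read in the present tense like the surrounding entries. The two ECAPMODE entries describe one error with two triggers and could be folded into a single .It Bq Er ECAPMODE ("The process is in capability mode and either .Fn open was called or .Dv AT_FDCWD was passed to .Fn openat ."); if they stay separate, the AT_FDCWD entry should name .Fn openat , since the following entry already covers .Fn open . As in the earlier hunk, the ".." literal would normally be written .Dq Pa .. in mdoc.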