From owner-freebsd-current@FreeBSD.ORG Sat Sep 13 04:30:03 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A04AACCD; Sat, 13 Sep 2014 04:30:03 +0000 (UTC) Received: from smtp2.wemm.org (smtp2.wemm.org [192.203.228.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp2.wemm.org", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 7BDE0806; Sat, 13 Sep 2014 04:30:03 +0000 (UTC) Received: from overcee.wemm.org (canning.wemm.org [192.203.228.65]) by smtp2.wemm.org (Postfix) with ESMTP id 6DECFE2F; Fri, 12 Sep 2014 21:30:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemm.org; s=m20140428; t=1410582602; bh=F0cnKa2PuTWehaPeQ7WoVSrcydAoXu3qysvrmbieoNo=; h=From:To:Cc:Subject:Date:In-Reply-To:References; b=SAiY57UxBMalJzLsIJfGubr8CqAqGkZzQG7EbIMOh9P7mI/3lXBMsBRwETU81A4zo hwfL2B48XaP3Q/5RRoiYxImaDh0MEClhDC3SVJaYsxVcb+JY3AXH7iIpAVhBAu0Kg5 3hZg+J7aXwqmv3szT1mcy8e+jKbYgNM5p7Nf8TFg= From: Peter Wemm To: freebsd-current@freebsd.org Subject: Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient Date: Fri, 12 Sep 2014 21:29:56 -0700 Message-ID: <4252906.DAHIEnKpIF@overcee.wemm.org> User-Agent: KMail/4.12.5 (FreeBSD/11.0-CURRENT; KDE/4.12.5; amd64; ; ) In-Reply-To: References: <540FF706.2050400@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2842358.8oZ6Muxc0B"; micalg="pgp-sha1"; protocol="application/pgp-signature" Cc: Patrick Kelsey , George Neville-Neil X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Sep 2014 04:30:03 -0000 --nextPart2842358.8oZ6Muxc0B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" On Thursday, September 11, 2014 12:38:02 PM Patrick Kelsey wrote: > On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov wr= ote: > > On 09.09.2014 21:53, Patrick Kelsey wrote: > > > I don't think it is worth the trouble, as given the larger patter= n of > > > libc routines requiring multiple capsicum rights, it seems one wi= ll in > > > general have to have libc implementation knowledge when using it = in > > > concert with capsicum. For example, consider the limitfd() routi= ne in > > > kdump.c, which provides rights for the TIOCGETA ioctl to be used = on > > > stdout so the eventual call to isatty() via printf() will work as= > >=20 > > intended. > >=20 > > > I think the above kdump example is a good one for the subtle issu= es that > > > can arise when using capsicum with libc. That call to isatty() i= s via a > > > widely-used internal libc routine __smakebuf(). __smakebuf() als= o calls > > > __swhatbuf(), which in turn calls _fstat(), all to make sure that= output > > > to a tty is line buffered by default. It would appear that progr= ams > > > that restrict rights on stdout without allowing CAP_IOCTL and CAP= _FSTAT > > > could be disabling the normally default line buffering when stdou= t is a > > > tty. kdump goes the distance, but dhclient does not (restricting= stdout > > > to CAP_WRITE only). > > >=20 > > > In any event, the patch attached to my first message is seeming l= ike the > > > way to go. > >=20 > > Well, then commit it (if capsicum team agrees). >=20 > Will do - thanks for the feedback. >=20 > -Patrick Is there any possibility that this is related to the problem we've rece= ntly=20 hit in the freebsd.org cluster with this month's refresh? After running for a while: Sep 10 02:39:44 ns2 unbound: [65258:0] notice: init module 0: validator= Sep 10 02:39:44 ns2 unbound: [65258:0] notice: init module 1: iterator Sep 10 11:44:29 ns2 unbound: [65258:3] fatal error: event_dispatch retu= rned=20 error -1, errno is Capabilities insufficient Sep 10 16:21:16 ns2 unbound: [28212:0] warning: did not exit gracefully= last=20 time (65258) Sep 10 16:21:16 ns2 unbound: [28213:0] notice: init module 0: validator= Sep 10 16:21:16 ns2 unbound: [28213:0] notice: init module 1: iterator Sep 11 10:23:49 ns2 unbound: [28213:5] fatal error: event_dispatch retu= rned=20 error -1, errno is Capabilities insufficient Sep 11 13:48:46 ns2 unbound: [79419:0] warning: did not exit gracefully= last=20 time (28213) Sep 11 13:48:46 ns2 unbound: [79420:0] notice: init module 0: validator= Sep 11 13:48:46 ns2 unbound: [79420:0] notice: init module 1: iterator Sep 11 18:42:56 ns2 unbound: [79420:6] fatal error: event_dispatch retu= rned=20 error -1, errno is Capabilities insufficient I believe this jail was started from the boot process. If I restart the= jail=20 by hand from a ssh session the problem goes away. This is unbound from ports and I don't have any more details than this.= This=20 is new this month. =2D-=20 Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI= 6FJV UTF-8: for when a ' or ... just won\342\200\231t do\342\200\246 --nextPart2842358.8oZ6Muxc0B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAABAgAGBQJUE8hJAAoJEDXWlwnsgJ4En5oH/3eQm+QHBJCffu3igIvxpIiX sWVfDoAvJ8XQNeY7rkE+EE8XOT4TeV/XZtJWfSQCir57x7P+SCLQgiMXc46gsuvg XDU3F+1Cb3P+y7jVx/vcuQZIo/42j8TiWZk5YVVHB+YkxP28wypUYIbZdCH/duCy nFm2zcH4bQHaYAp359jj1JhE1MkLUy4B9sg0reHJzuzzJ37+HBmZFds71cMXvShe LtRZBS06f9HPOuVO1+xNOPAHq5roVLT2str2qeS6rvW9LX9ZXeoqHWkzR2uXv6rj 7hGuUI1UL4HCLiylBHlqat0DHJMYBFlaGaY5Aps6waTon93HcXiS1wK4rHMGAPk= =xQCX -----END PGP SIGNATURE----- --nextPart2842358.8oZ6Muxc0B--