From owner-dev-commits-src-all@freebsd.org Thu Apr 1 14:01:16 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A9FFD5CF8F1; Thu, 1 Apr 2021 14:01:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FB4bc4TsKz3qcb; Thu, 1 Apr 2021 14:01:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8CF3B6054; Thu, 1 Apr 2021 14:01:16 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 131E1Get049355; Thu, 1 Apr 2021 14:01:16 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 131E1G1c049354; Thu, 1 Apr 2021 14:01:16 GMT (envelope-from git) Date: Thu, 1 Apr 2021 14:01:16 GMT Message-Id: <202104011401.131E1G1c049354@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mark Johnston Subject: git: b8ae450f05e6 - main - traceroute6: Fix Capsicum rights for rcvsock MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b8ae450f05e62a851f444edaf7db2506ff99aa37 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Apr 2021 14:01:16 -0000 The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=b8ae450f05e62a851f444edaf7db2506ff99aa37 commit b8ae450f05e62a851f444edaf7db2506ff99aa37 Author: Mark Johnston AuthorDate: 2021-04-01 13:58:32 +0000 Commit: Mark Johnston CommitDate: 2021-04-01 14:00:29 +0000 traceroute6: Fix Capsicum rights for rcvsock - Always use distinct sockets for send and recv - Limit rights on the recv socket For ICMP6 we were using the same socket for both send and receive, and we limited rights on the socket such that it's impossible to receive anything. PR: 254623 Diagnosed by: Zhenlei Huang Reviewed by: oshogbo MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D29523 --- usr.sbin/traceroute6/traceroute6.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/usr.sbin/traceroute6/traceroute6.c b/usr.sbin/traceroute6/traceroute6.c index 7663283a6c44..8449a9861302 100644 --- a/usr.sbin/traceroute6/traceroute6.c +++ b/usr.sbin/traceroute6/traceroute6.c @@ -578,8 +578,6 @@ main(int argc, char *argv[]) */ switch (useproto) { case IPPROTO_ICMPV6: - sndsock = rcvsock; - break; case IPPROTO_NONE: case IPPROTO_SCTP: case IPPROTO_TCP: @@ -928,7 +926,6 @@ main(int argc, char *argv[]) * namespaces (e.g filesystem) is restricted (see capsicum(4)). * We must connect(2) our socket before this point. */ - if (caph_enter_casper() < 0) { fprintf(stderr, "caph_enter_casper: %s\n", strerror(errno)); exit(1); @@ -940,6 +937,12 @@ main(int argc, char *argv[]) strerror(errno)); exit(1); } + cap_rights_init(&rights, CAP_RECV); + if (caph_rights_limit(rcvsock, &rights) < 0) { + fprintf(stderr, "caph_rights_limit rcvsock: %s\n", + strerror(errno)); + exit(1); + } /* * Main loop