Date: Fri, 12 Sep 2014 21:29:56 -0700 From: Peter Wemm <peter@wemm.org> To: freebsd-current@freebsd.org Cc: Patrick Kelsey <kelsey@ieee.org>, George Neville-Neil <gnn@freebsd.org> Subject: Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient Message-ID: <4252906.DAHIEnKpIF@overcee.wemm.org> In-Reply-To: <CAD44qMV_AVYO2nwUJO27T8MYbacj2GgxectXtBuHU2qnWq_Ppw@mail.gmail.com> References: <CAD44qMWgWn_OZ1i0Jy2WTLY=YAai%2B6-_Bq24QN-AjD9iYJ2JOA@mail.gmail.com> <540FF706.2050400@freebsd.org> <CAD44qMV_AVYO2nwUJO27T8MYbacj2GgxectXtBuHU2qnWq_Ppw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart2842358.8oZ6Muxc0B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" On Thursday, September 11, 2014 12:38:02 PM Patrick Kelsey wrote: > On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov <ache@freebsd.org> wr= ote: > > On 09.09.2014 21:53, Patrick Kelsey wrote: > > > I don't think it is worth the trouble, as given the larger patter= n of > > > libc routines requiring multiple capsicum rights, it seems one wi= ll in > > > general have to have libc implementation knowledge when using it = in > > > concert with capsicum. For example, consider the limitfd() routi= ne in > > > kdump.c, which provides rights for the TIOCGETA ioctl to be used = on > > > stdout so the eventual call to isatty() via printf() will work as= > >=20 > > intended. > >=20 > > > I think the above kdump example is a good one for the subtle issu= es that > > > can arise when using capsicum with libc. That call to isatty() i= s via a > > > widely-used internal libc routine __smakebuf(). __smakebuf() als= o calls > > > __swhatbuf(), which in turn calls _fstat(), all to make sure that= output > > > to a tty is line buffered by default. It would appear that progr= ams > > > that restrict rights on stdout without allowing CAP_IOCTL and CAP= _FSTAT > > > could be disabling the normally default line buffering when stdou= t is a > > > tty. kdump goes the distance, but dhclient does not (restricting= stdout > > > to CAP_WRITE only). > > >=20 > > > In any event, the patch attached to my first message is seeming l= ike the > > > way to go. > >=20 > > Well, then commit it (if capsicum team agrees). >=20 > Will do - thanks for the feedback. >=20 > -Patrick Is there any possibility that this is related to the problem we've rece= ntly=20 hit in the freebsd.org cluster with this month's refresh? After running for a while: Sep 10 02:39:44 ns2 unbound: [65258:0] notice: init module 0: validator= Sep 10 02:39:44 ns2 unbound: [65258:0] notice: init module 1: iterator Sep 10 11:44:29 ns2 unbound: [65258:3] fatal error: event_dispatch retu= rned=20 error -1, errno is Capabilities insufficient Sep 10 16:21:16 ns2 unbound: [28212:0] warning: did not exit gracefully= last=20 time (65258) Sep 10 16:21:16 ns2 unbound: [28213:0] notice: init module 0: validator= Sep 10 16:21:16 ns2 unbound: [28213:0] notice: init module 1: iterator Sep 11 10:23:49 ns2 unbound: [28213:5] fatal error: event_dispatch retu= rned=20 error -1, errno is Capabilities insufficient Sep 11 13:48:46 ns2 unbound: [79419:0] warning: did not exit gracefully= last=20 time (28213) Sep 11 13:48:46 ns2 unbound: [79420:0] notice: init module 0: validator= Sep 11 13:48:46 ns2 unbound: [79420:0] notice: init module 1: iterator Sep 11 18:42:56 ns2 unbound: [79420:6] fatal error: event_dispatch retu= rned=20 error -1, errno is Capabilities insufficient I believe this jail was started from the boot process. If I restart the= jail=20 by hand from a ssh session the problem goes away. This is unbound from ports and I don't have any more details than this.= This=20 is new this month. =2D-=20 Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI= 6FJV UTF-8: for when a ' or ... just won\342\200\231t do\342\200\246 --nextPart2842358.8oZ6Muxc0B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAABAgAGBQJUE8hJAAoJEDXWlwnsgJ4En5oH/3eQm+QHBJCffu3igIvxpIiX sWVfDoAvJ8XQNeY7rkE+EE8XOT4TeV/XZtJWfSQCir57x7P+SCLQgiMXc46gsuvg XDU3F+1Cb3P+y7jVx/vcuQZIo/42j8TiWZk5YVVHB+YkxP28wypUYIbZdCH/duCy nFm2zcH4bQHaYAp359jj1JhE1MkLUy4B9sg0reHJzuzzJ37+HBmZFds71cMXvShe LtRZBS06f9HPOuVO1+xNOPAHq5roVLT2str2qeS6rvW9LX9ZXeoqHWkzR2uXv6rj 7hGuUI1UL4HCLiylBHlqat0DHJMYBFlaGaY5Aps6waTon93HcXiS1wK4rHMGAPk= =xQCX -----END PGP SIGNATURE----- --nextPart2842358.8oZ6Muxc0B--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4252906.DAHIEnKpIF>