Date:      Wed, 10 Sep 2014 11:00:22 +0400
From:      Andrey Chernov <ache@freebsd.org>
To:        Patrick Kelsey <kelsey@ieee.org>
Cc:        George Neville-Neil <gnn@freebsd.org>, current@freebsd.org
Subject:   Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient
Message-ID:  <540FF706.2050400@freebsd.org>
In-Reply-To: <CAD44qMVzNYh7St7yLPkuigj3hH-Z6OQW=W_to%2Bv_jAc8YwyBXQ@mail.gmail.com>
References:  <CAD44qMWgWn_OZ1i0Jy2WTLY=YAai%2B6-_Bq24QN-AjD9iYJ2JOA@mail.gmail.com>	<540E14C4.9080201@freebsd.org>	<CAD44qMW0k=o_YwU3Jus6TM1P2K2kzCKupDi6ZDDwjP5DogJpbw@mail.gmail.com>	<540E26E6.5070700@freebsd.org> <CAD44qMVzNYh7St7yLPkuigj3hH-Z6OQW=W_to%2Bv_jAc8YwyBXQ@mail.gmail.com>

On 09.09.2014 21:53, Patrick Kelsey wrote:
> I don't think it is worth the trouble, as given the larger pattern of
> libc routines requiring multiple capsicum rights, it seems one will in
> general have to have libc implementation knowledge when using it in
> concert with capsicum.  For example, consider the limitfd() routine in
> kdump.c, which provides rights for the TIOCGETA ioctl to be used on
> stdout so the eventual call to isatty() via printf() will work as intended.
> 
> I think the above kdump example is a good one for the subtle issues that
> can arise when using capsicum with libc.  That call to isatty() is via a
> widely-used internal libc routine __smakebuf().  __smakebuf() also calls
> __swhatbuf(), which in turn calls _fstat(), all to make sure that output
> to a tty is line buffered by default.  It would appear that programs
> that restrict rights on stdout without allowing CAP_IOCTL and CAP_FSTAT
> could be disabling the normally default line buffering when stdout is a
> tty.  kdump goes the distance, but dhclient does not (restricting stdout
> to CAP_WRITE only).
> 
> In any event, the patch attached to my first message is seeming like the
> way to go.

Well, then commit it (if capsicum team agrees).

-- 
http://ache.vniz.net/
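
Added example, not part of this thread and not kdump's or dhclient's code: a sketch of the stdout rights pattern the quoted text describes, next to a simplified model of the stdio tty probe (fstat(), then isatty()). The names probe_buffering and limit_stdout are hypothetical; the Capsicum calls are compiled only on FreeBSD and the limit step is a no-op elsewhere.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <sys/ioctl.h>
#endif

enum probe { PROBE_LINE, PROBE_NOT_TTY, PROBE_FAILED };

/* Simplified model of the check described above: fstat(), then isatty(). */
static enum probe probe_buffering(int fd)
{
	struct stat st;

	if (fstat(fd, &st) != 0)	/* needs CAP_FSTAT on a limited fd */
		return PROBE_FAILED;
	if (!S_ISCHR(st.st_mode))	/* only character devices can be ttys */
		return PROBE_NOT_TTY;
	if (isatty(fd))			/* TIOCGETA ioctl: needs CAP_IOCTL */
		return PROBE_LINE;
#ifdef ENOTCAPABLE
	if (errno == ENOTCAPABLE)	/* the probe was denied, not answered */
		return PROBE_FAILED;
#endif
	return PROBE_NOT_TTY;
}

/* keep_probe != 0: CAP_WRITE plus what the probe needs; 0: CAP_WRITE only. */
static int limit_stdout(int fd, int keep_probe)
{
#ifdef __FreeBSD__
	cap_rights_t rights;
	unsigned long cmd = TIOCGETA;

	cap_rights_init(&rights, CAP_WRITE);
	if (keep_probe)
		cap_rights_set(&rights, CAP_FSTAT, CAP_IOCTL);
	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
		return -1;
	/* Narrow CAP_IOCTL to the single command isatty() uses. */
	if (keep_probe && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
		return -1;
#else
	(void)fd; (void)keep_probe;	/* no Capsicum here: nothing to limit */
#endif
	return 0;
}
```

On FreeBSD, calling limit_stdout(STDOUT_FILENO, 0) on a terminal and then probe_buffering(STDOUT_FILENO) reports PROBE_FAILED, which is the case where the default line buffering is silently lost.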


