Date: Thu, 11 Sep 2014 12:38:02 -0400 From: Patrick Kelsey <kelsey@ieee.org> To: Andrey Chernov <ache@freebsd.org> Cc: George Neville-Neil <gnn@freebsd.org>, current <current@freebsd.org> Subject: Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient Message-ID: <CAD44qMV_AVYO2nwUJO27T8MYbacj2GgxectXtBuHU2qnWq_Ppw@mail.gmail.com> In-Reply-To: <540FF706.2050400@freebsd.org> References: <CAD44qMWgWn_OZ1i0Jy2WTLY=YAai%2B6-_Bq24QN-AjD9iYJ2JOA@mail.gmail.com> <540E14C4.9080201@freebsd.org> <CAD44qMW0k=o_YwU3Jus6TM1P2K2kzCKupDi6ZDDwjP5DogJpbw@mail.gmail.com> <540E26E6.5070700@freebsd.org> <CAD44qMVzNYh7St7yLPkuigj3hH-Z6OQW=W_to%2Bv_jAc8YwyBXQ@mail.gmail.com> <540FF706.2050400@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov <ache@freebsd.org> wrote: > On 09.09.2014 21:53, Patrick Kelsey wrote: > > I don't think it is worth the trouble, as given the larger pattern of > > libc routines requiring multiple capsicum rights, it seems one will in > > general have to have libc implementation knowledge when using it in > > concert with capsicum. For example, consider the limitfd() routine in > > kdump.c, which provides rights for the TIOCGETA ioctl to be used on > > stdout so the eventual call to isatty() via printf() will work as > intended. > > > > I think the above kdump example is a good one for the subtle issues that > > can arise when using capsicum with libc. That call to isatty() is via a > > widely-used internal libc routine __smakebuf(). __smakebuf() also calls > > __swhatbuf(), which in turn calls _fstat(), all to make sure that output > > to a tty is line buffered by default. It would appear that programs > > that restrict rights on stdout without allowing CAP_IOCTL and CAP_FSTAT > > could be disabling the normally default line buffering when stdout is a > > tty. kdump goes the distance, but dhclient does not (restricting stdout > > to CAP_WRITE only). > > > > In any event, the patch attached to my first message is seeming like the > > way to go. > > Well, then commit it (if capsicum team agrees). > > > Will do - thanks for the feedback. -Patrick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD44qMV_AVYO2nwUJO27T8MYbacj2GgxectXtBuHU2qnWq_Ppw>