Date:      Fri, 22 Mar 2024 23:37:56 +0000
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        freebsd-hackers@freebsd.org
Subject:   Filesystem extended attributes and Capsicum
Message-ID:  <bjeg3z2aa5owo7uur75olwuw6le2g3whzxwfgef4ozyy6w6kog@33b426ax6inf>


Hey all,

I'm writing an application in which I hope to enable Capsicum. I'm
experiencing an issue whereby extattr_get_fd fails with a file
descriptor that has all the extended attribute capabilities enabled
(CAP_EXTATTR_DELETE, CAP_EXTATTR_GET, CAP_EXTATTR_LIST, and
CAP_EXTATTR_SET).

Looking at the kernel source (sys/kern/vfs_extattr.c) tells me that
kern_extattr_get_fd only requires CAP_EXTATTR_GET.

So I'm a bit puzzled as to why my call to extattr_get_fd(2) is
failing. Am I doing something wrong or are filesystem extended
attributes not supported in a Capabilities-enabled process?

Here's how I'm creating the file descriptor (before calling
cap_enter(2)):

==== BEGIN CODE ====
#include <sys/capsicum.h>
#include <fcntl.h>
#include <unistd.h>

static int
open_file(const char *path)
{
        cap_rights_t rights;
        int fd;

        fd = open(path, O_PATH | O_CLOEXEC);
        if (fd == -1) {
                return (-1);
        }

        /* cap_rights_init() fully initialises the set; no memset needed. */
        cap_rights_init(&rights, CAP_EXTATTR_DELETE, CAP_EXTATTR_GET,
            CAP_EXTATTR_LIST, CAP_EXTATTR_SET);
        if (cap_rights_limit(fd, &rights) == -1) {
                close(fd);
                return (-1);
        }

        return (fd);
}
==== END CODE ====

Eventually, after calling cap_enter(2), the following code is called:

==== BEGIN CODE ====
#include <sys/types.h>
#include <sys/extattr.h>
#include <errno.h>

#define ATTRNAME_ENABLED "hbsd.pax.aslr"
        /* data == NULL, nbytes == 0: ask only for the attribute's length. */
        sz = extattr_get_fd(fd, ctx->hc_namespace, ATTRNAME_ENABLED, NULL, 0);
        if (sz == -1) {
                /* 0 is a valid (empty) length and leaves errno untouched. */
                if (errno == ENOATTR) {
                        /*
                         * This is okay, it just means that nothing has been set.
                         * No error condition here.
                         */
                        return (RES_SUCCESS);
                }
                return (RES_FAIL);
        }
==== END CODE ====

For reference, the program's code is here:
https://git.hardenedbsd.org/shawn.webb/hbsdctrl/-/tree/main?ref_type=heads

The library code, which is what's responsible for calling the
filesystem extended attribute related syscalls is here:

https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/tree/hardened/current/hbsdcontrol-v2/lib/libhbsdcontrol?ref_type=heads

From the rights(4) manual page, I'm instructed that all I need is to apply
those capabilities to that file descriptor:

==== BEGIN PASTE ====
     CAP_EXTATTR_DELETE   Permit extattr_delete_fd(2).

     CAP_EXTATTR_GET      Permit extattr_get_fd(2).

     CAP_EXTATTR_LIST     Permit extattr_list_fd(2).

     CAP_EXTATTR_SET      Permit extattr_set_fd(2).
==== END PASTE ====

So I'm a bit unsure if I'm doing something wrong.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
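A minimal reproducer, added here as an example and not part of the original message or of hbsdctrl/libhbsdcontrol, that isolates the question above: it opens the same file twice, once with O_PATH as in the posted open_file() and once with O_RDONLY, limits each descriptor to CAP_EXTATTR_GET, enters capability mode, and then calls extattr_get_fd(2) on both descriptors and reports what each returns. The attribute name "probe", the user namespace (populate it first with `setextattr user probe 1 FILE`) and the path argument are assumptions of this example; the page does not say which open flag, if any, matters, so the program only shows the two results side by side. The Capsicum part builds only on FreeBSD; the ENOATTR and ENOTCAPABLE fallback values are FreeBSD's, defined here solely so the result classifier compiles on other systems.

```c
/* Added example (not from the original post or libhbsdcontrol): compare
 * extattr_get_fd(2) on an O_PATH and an O_RDONLY descriptor, both limited
 * to CAP_EXTATTR_GET, after cap_enter(2). Assumes an attribute "probe" in
 * the user namespace on the file named by argv[1]. */
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

#if defined(__FreeBSD__)
#include <sys/capsicum.h>
#include <sys/extattr.h>
#include <fcntl.h>
#include <unistd.h>
#endif

/* FreeBSD errno values, defined only so classify_extattr_get() builds elsewhere. */
#ifndef ENOATTR
#define ENOATTR 87
#endif
#ifndef ENOTCAPABLE
#define ENOTCAPABLE 93
#endif

enum attr_result {
	ATTR_PRESENT,	/* call succeeded; sz is the attribute length (0 is valid) */
	ATTR_ABSENT,	/* ENOATTR: no such attribute, not an error for a probe */
	ATTR_NO_RIGHT,	/* ENOTCAPABLE: descriptor lacks CAP_EXTATTR_GET */
	ATTR_ERROR	/* anything else (EBADF, EPERM, EOPNOTSUPP, ...) */
};

/* Interpret extattr_get_fd(fd, ns, name, NULL, 0): only -1 signals failure,
 * and only then is errno meaningful. */
enum attr_result
classify_extattr_get(ssize_t sz, int err)
{
	if (sz >= 0)
		return (ATTR_PRESENT);
	if (err == ENOATTR)
		return (ATTR_ABSENT);
	if (err == ENOTCAPABLE)
		return (ATTR_NO_RIGHT);
	return (ATTR_ERROR);
}

#if defined(__FreeBSD__)
#define PROBE_ATTR "probe"	/* assumed name: setextattr user probe 1 FILE */

/* Open path with the given flags and restrict the fd to CAP_EXTATTR_GET. */
static int
open_limited(const char *path, int flags)
{
	cap_rights_t rights;
	int fd;

	fd = open(path, flags | O_CLOEXEC);
	if (fd == -1)
		return (-1);
	cap_rights_init(&rights, CAP_EXTATTR_GET);
	if (cap_rights_limit(fd, &rights) == -1) {
		close(fd);
		return (-1);
	}
	return (fd);
}

static void
probe(const char *label, int fd)
{
	ssize_t sz;
	int err;

	sz = extattr_get_fd(fd, EXTATTR_NAMESPACE_USER, PROBE_ATTR, NULL, 0);
	err = errno;
	switch (classify_extattr_get(sz, err)) {
	case ATTR_PRESENT:
		printf("%-8s: attribute present, %zd bytes\n", label, sz);
		break;
	case ATTR_ABSENT:
		printf("%-8s: no such attribute (ENOATTR)\n", label);
		break;
	case ATTR_NO_RIGHT:
		printf("%-8s: ENOTCAPABLE, CAP_EXTATTR_GET missing\n", label);
		break;
	default:
		printf("%-8s: failed: %s\n", label, strerror(err));
	}
}

int
main(int argc, char **argv)
{
	int fd_path, fd_rd;

	if (argc != 2) {
		fprintf(stderr, "usage: %s FILE\n", argv[0]);
		return (1);
	}
	/* Both descriptors exist before cap_enter(2), as in the posted code. */
	fd_path = open_limited(argv[1], O_PATH);
	fd_rd = open_limited(argv[1], O_RDONLY);
	if (fd_path == -1 || fd_rd == -1) {
		perror("open");
		return (1);
	}
	if (cap_enter() == -1) {
		perror("cap_enter");
		return (1);
	}
	probe("O_PATH", fd_path);
	probe("O_RDONLY", fd_rd);
	return (0);
}
#endif
```

Run it as `./probe FILE` on a FreeBSD filesystem that supports extended attributes (UFS or ZFS). If the O_RDONLY line reports the attribute while the O_PATH line does not, the open flags rather than the capability rights are the variable to look at next; if both fail with ENOTCAPABLE, the rights set is the problem.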




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bjeg3z2aa5owo7uur75olwuw6le2g3whzxwfgef4ozyy6w6kog>