git: c7a8502bdf18 - main - open.2: describe O_RESOLVE_BENEATH errors correctly

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Ed Maste <emaste_at_FreeBSD.org>
Date: Thu, 02 Mar 2023 20:59:21 UTC
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=c7a8502bdf187ccf035c5b29a93e34cc01346a73

commit c7a8502bdf187ccf035c5b29a93e34cc01346a73
Author:     Val Packett <val@packett.cool>
AuthorDate: 2023-02-19 20:14:15 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-03-02 20:58:00 +0000

    open.2: describe O_RESOLVE_BENEATH errors correctly
    
    The behavior is the same as in capability mode, it does not actually
    return EINVAL for absolute lookups:
    
        openat(AT_FDCWD,"/tmp/test",O_RDONLY|O_DIRECTORY,00) = 3 (0x3)
        openat(3,"../../",O_RDONLY|0x800000,00)          ERR#93 'Capabilities insufficient'
        openat(3,"/etc/passwd",O_RDONLY|0x800000,00)     ERR#93 'Capabilities insufficient'
    
    Fixes:          1f305be43 ("Document {O,AT}_RESOLVE_BENEATH...")
    Reviewed by:    kib, pauamma (manpages), emaste
    Sponsored by:   https://www.patreon.com/valpackett
    Pull Request:   https://github.com/freebsd/freebsd-src/pull/680
    Differential Revision: https://reviews.freebsd.org/D38675
---
 lib/libc/sys/open.2 | 39 +++++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 16 deletions(-)

diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2
index 876a4ce1e57d..574b6b136d39 100644
--- a/lib/libc/sys/open.2
+++ b/lib/libc/sys/open.2
@@ -28,7 +28,7 @@
 .\"     @(#)open.2	8.2 (Berkeley) 11/16/93
 .\" $FreeBSD$
 .\"
-.Dd April 22, 2022
+.Dd March 2, 2023
 .Dt OPEN 2
 .Os
 .Sh NAME
@@ -572,12 +572,6 @@ and
 .Dv O_EXEC
 or
 .Dv O_SEARCH .
-.It Bq Er EINVAL
-The
-.Dv O_RESOLVE_BENEATH
-flag is specified and
-.Dv path
-is absolute.
 .It Bq Er EBADF
 The
 .Fa path
@@ -606,19 +600,32 @@ is specified and the process is in capability mode.
 was called and the process is in capability mode.
 .It Bq Er ENOTCAPABLE
 .Fa path
-is an absolute path,
-or contained a ".." component leading to a
-directory outside of the directory hierarchy specified by
-.Fa fd ,
+is an absolute path and the process is in capability mode.
+.It Bq Er ENOTCAPABLE
+.Fa path
+is an absolute path and
+.Dv O_RESOLVE_BENEATH
+is specified.
+.It Bq Er ENOTCAPABLE
+.Fa path
+contains a ".." component leading to a directory outside
+of the directory hierarchy specified by
+.Fa fd
 and the process is in capability mode.
 .It Bq Er ENOTCAPABLE
-The
+.Fa path
+contains a ".." component leading to a directory outside
+of the directory hierarchy specified by
+.Fa fd
+and
 .Dv O_RESOLVE_BENEATH
-flag was provided, and the relative
+is specified.
+.It Bq Er ENOTCAPABLE
 .Fa path
-escapes the
-.Ar fd
-directory.
+contains a ".." component, the
+.Dv vfs.lookup_cap_dotdot
+.Xr sysctl 3
+is set, and the process is in capability mode.
 .El
 .Sh SEE ALSO
 .Xr chmod 2 ,