[Bug 277057] rights(4): Not all rights may be specified in a rights mask

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 14 Feb 2024 21:53:53 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277057

            Bug ID: 277057
           Summary: rights(4): Not all rights may be specified in a rights
                    mask
           Product: Base System
           Version: 15.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org

rights(4) says:

The following rights may be specified in a rights mask:

and proceeds to list most of the CAP_* rights, excluding only the UNUSED ones
and some of the compounds (like CAP_SOCK_CLIENT).  And software does use them
that way, for example:

bin/cat/cat.c
144:        cap_rights_init(&rights, CAP_READ | CAP_FSTAT | CAP_FCNTL |
CAP_SEEK),

However, not all rights may be specified in a mask together.  It appears, from
testing, that only rights whose index is 0 may be ORed with other rights whose
index is 0, and similarly for index 1.  Attempting to violate this rule will
trigger an assertion and abort the program:

Assertion failed: (i >= 0), function cap_rights_vset, file
/usr/home/somers/src/freebsd.org/src/sys/kern/subr_capability.c, line 188.
Process with PID 3539 exited with signal 6 and dumped core; attempting to
gather stack trace
[New LWP 100728]
Core was generated by `/usr/tests/sys/capsicum/rights -vdisks=/dev/vtbd1
/dev/vtbd2 /dev/vtbd3 /dev/vtb'.
Program terminated with signal SIGABRT, Aborted.
Sent by thr_kill() from pid 3539 and user 1000.
#0  thr_kill () at thr_kill.S:4
4       RSYSCALL(thr_kill)
#0  thr_kill () at thr_kill.S:4
#1  0x00003199593035d4 in __raise (s=s@entry=6) at
/usr/home/somers/src/freebsd.org/src/lib/libc/gen/raise.c:48
#2  0x00003199593b6999 in abort () at
/usr/home/somers/src/freebsd.org/src/lib/libc/stdlib/abort.c:61
#3  0x00003199592e68a1 in __assert (func=<optimized out>, file=<optimized out>,
line=line@entry=188, failedexpr=<optimized out>) at
/usr/home/somers/src/freebsd.org/src/lib/libc/gen/assert.c:47
#4  0x00003199593a93d0 in cap_rights_vset (rights=rights@entry=0x3199575d8c20,
ap=ap@entry=0x3199575d8bc0) at
/usr/home/somers/src/freebsd.org/src/sys/kern/subr_capability.c:188
#5  0x00003199593a9274 in __cap_rights_init (version=version@entry=0,
rights=rights@entry=0x3199575d8c20) at
/usr/home/somers/src/freebsd.org/src/sys/kern/subr_capability.c:260
#6  0x00003191372b3640 in atfu_orable_01_body (tc=<optimized out>) at
/usr/home/somers/src/freebsd.org/src/tests/sys/capsicum/rights.c:142
#7  0x0000319958eccff7 in atf_tc_run (tc=0x3191372b5bf0 <atfu_orable_01_tc>,
resfile=<optimized out>) at
/usr/home/somers/src/freebsd.org/src/contrib/atf/atf-c/tc.c:1054
#8  0x0000319958ecf0de in atf_tp_run (tp=tp@entry=0x3199575d90e8,
tcname=tcname@entry=0x37fd6da09020 "orable_01", resfile=0x6 <error: Cannot
access memory at address 0x6>) at
/usr/home/somers/src/freebsd.org/src/contrib/atf/atf-c/tp.c:201
#9  0x0000319958ecfaae in run_tc (tp=0x3199575d90e8, p=0x3199575d9100,
exitcode=<optimized out>) at
/usr/home/somers/src/freebsd.org/src/contrib/atf/atf-c/detail/tp_main.c:504
#10 controlled_main (argc=5, argv=<optimized out>, add_tcs_hook=0x3191372b30a0
<atfu_tp_add_tcs>, exitcode=<optimized out>) at
/usr/home/somers/src/freebsd.org/src/contrib/atf/atf-c/detail/tp_main.c:574
#11 atf_tp_main (argc=5, argv=<optimized out>, add_tcs_hook=0x3191372b30a0
<atfu_tp_add_tcs>) at
/usr/home/somers/src/freebsd.org/src/contrib/atf/atf-c/detail/tp_main.c:604
#12 0x00003199592d806a in __libc_start1 (argc=5, argv=0x3199575da1b0,
env=0x3199575da1e0, cleanup=<optimized out>, mainX=0x3191372b3080 <main>) at
/usr/home/somers/src/freebsd.org/src/lib/libc/csu/libc_start1.c:157
#13 0x00003191372b2ffd in _start () at
/usr/home/somers/src/freebsd.org/src/lib/csu/amd64/crt1_s.S:83
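
Added example, not part of the original report and not FreeBSD source: a small self-contained C model of the rule described above, showing why an OR of rights from different indexes is rejected while the same rights passed as separate variadic arguments are accepted. The M_* names, the bit values and the error return in place of the assertion are constructed for illustration; the layout (a one-hot index marker in the high bits of each right) is an assumption about how the index is encoded.

```c
#include <stdarg.h>
#include <stdio.h>

/* Model (assumption): a right = one-hot index marker above bit 57
 * plus a permission bit below it. Values are constructed stand-ins. */
#define M_RIGHT(idx, bit) ((1ULL << (57 + (idx))) | (bit))
#define M_READ   M_RIGHT(0, 0x01ULL)   /* index 0 */
#define M_FSTAT  M_RIGHT(0, 0x02ULL)   /* index 0 */
#define M_IOCTL  M_RIGHT(1, 0x01ULL)   /* index 1 */
#define M_NIDX   2

struct m_rights { unsigned long long cr[M_NIDX]; };

/* Slot a right belongs to, or -1 when the value carries more than one
 * index marker (the case the reported "i >= 0" assertion catches). */
static int m_index(unsigned long long right)
{
    unsigned long long marker = right >> 57;
    if (marker == 1) return 0;
    if (marker == 2) return 1;
    return -1;
}

/* Variadic setter, terminated by 0ULL. Each argument must be a single
 * right or an OR of rights sharing one index. Returns 0 on success and
 * -1 where this model stands in for the abort seen in the report. */
static int m_rights_init(struct m_rights *r, ...)
{
    va_list ap;
    unsigned long long right;
    int rc = 0;

    r->cr[0] = r->cr[1] = 0;
    va_start(ap, r);
    while ((right = va_arg(ap, unsigned long long)) != 0) {
        int i = m_index(right);
        if (i < 0) { rc = -1; break; }   /* mixed-index mask */
        r->cr[i] |= right;               /* file under its own index */
    }
    va_end(ap);
    return rc;
}

int main(void)
{
    struct m_rights r;
    printf("same index, ORed:     %d\n", m_rights_init(&r, M_READ | M_FSTAT, 0ULL));
    printf("mixed index, ORed:    %d\n", m_rights_init(&r, M_READ | M_IOCTL, 0ULL));
    printf("mixed, separate args: %d\n", m_rights_init(&r, M_READ, M_IOCTL, 0ULL));
    return 0;
}
```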
