[Bug 277908] Capsicum filesystem extended attribute support is broken

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 23 Mar 2024 15:57:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277908

            Bug ID: 277908
           Summary: Capsicum filesystem extended attribute support is
                    broken
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: shawn.webb@hardenedbsd.org
 Attachment #249428 mime type: text/plain

Created attachment 249428
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=249428&action=edit
Example test case code

The extattr_get_fd(2) syscall is broken for file descriptors with the
CAP_EXTATTR_GET capability in a Capabilities-enabled process. Though I haven't
tried them, I suspect extattr_list_fd(2) and extattr_set_fd(2) are broken as
well (assuming the file descriptor has the matching CAP_EXTATTR_* rights(4)).

I've written a test case here:
https://git.hardenedbsd.org/shawn.webb/broken-capsicum/-/tree/main/extattr?ref_type=heads

Reproduction steps are as follows:

1. git clone https://git.hardenedbsd.org/shawn.webb/broken-capsicum.git
2. cd broken-capsicum/extattr
3. make
4. touch /tmp/testfile-01
5. (as root) setextattr system test-01 asdf /tmp/testfile-01
6. (as root) obj/extattr /tmp/testfile-01

A message will be printed out: "extattr_get_fd: Not permitted in capability
mode"

From reading the rights(4) manual page, the only thing needed for getting a
filesystem extended attribute value in a capabilities-enabled process is that
the file descriptor has the CAP_EXTATTR_GET capability.

ZFS is being used on the systems I've tested. I don't know if UFS versus ZFS
makes any difference.
