[Bug 277908] Capsicum filesystem extended attribute support is broken
Date: Sat, 23 Mar 2024 15:57:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277908

            Bug ID: 277908
           Summary: Capsicum filesystem extended attribute support is broken
           Product: Base System
           Version: 14.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: shawn.webb@hardenedbsd.org
 Attachment #249428 text/plain
         mime type:

Created attachment 249428
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=249428&action=edit
Example test case code

The extattr_get_fd(2) syscall is broken for file descriptors with the
CAP_EXTATTR_GET capability in a Capabilities-enabled process. Though I haven't
tried them, I suspect extattr_list_fd(2) and extattr_set_fd(2) are broken as
well (assuming the file descriptor has the matching CAP_EXTATTR_* rights(4)).

I've written a test case here:
https://git.hardenedbsd.org/shawn.webb/broken-capsicum/-/tree/main/extattr?ref_type=heads

Reproduction steps are as follows:

1. git clone https://git.hardenedbsd.org/shawn.webb/broken-capsicum.git
2. cd broken-capsicum/extattr
3. make
4. touch /tmp/testfile-01
4. (as root) setextattr system test-01 asdf /tmp/testfile-01
5. (as root) obj/extattr /tmp/testfile-01

A message will be printed out: "extattr_get_fd: Not permitted in capability
mode"

From reading the rights(4) manual page, the only thing needed for getting a
filesystem extended attribute value in a capabilities-enabled process is that
the file descriptor has the CAP_EXTATTR_GET capability.

ZFS is being used on the systems I've tested. I don't know if UFS versus ZFS
makes any difference.

-- 
You are receiving this mail because:
You are the assignee for the bug.
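The sequence the report describes, as an added example (not the attached test case or code from the reporter's repository): limit the descriptor to CAP_EXTATTR_GET, enter capability mode, call extattr_get_fd(2), and separate ECAPMODE (the error text quoted in the report) from ENOTCAPABLE (a descriptor missing a right). The names `classify`, `probe` and `verdict` are hypothetical; the numeric errno fallbacks are FreeBSD's values, defined only so the classifier builds on other systems.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <sys/extattr.h>
#include <fcntl.h>
#include <unistd.h>
#endif
#ifndef ECAPMODE        /* FreeBSD errno values, so classify() builds elsewhere */
#define ENOTCAPABLE 93  /* strerror: "Capabilities insufficient" */
#define ECAPMODE    94  /* strerror: "Not permitted in capability mode" */
#endif

enum verdict { V_OK, V_CAPMODE, V_RIGHTS, V_OTHER };
static const char *const verdict_text[] = {
    "attribute read",
    "ECAPMODE: refused by capability mode itself (the behaviour reported)",
    "ENOTCAPABLE: descriptor lacks the CAP_EXTATTR_GET right",
    "other error or setup failure",
};

/* Map an extattr_get_fd(2) return value and errno to a verdict. */
static enum verdict classify(ssize_t ret, int err) {
    if (ret >= 0) return V_OK;
    if (err == ECAPMODE) return V_CAPMODE;
    if (err == ENOTCAPABLE) return V_RIGHTS;
    return V_OTHER;
}

#ifdef __FreeBSD__
/* Run as root: the report stores the attribute in the system namespace. */
static enum verdict probe(const char *path, const char *name) {
    char buf[256];
    cap_rights_t rights;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return V_OTHER;
    cap_rights_init(&rights, CAP_EXTATTR_GET);
    if (cap_rights_limit(fd, &rights) < 0 || cap_enter() < 0) { close(fd); return V_OTHER; }
    ssize_t n = extattr_get_fd(fd, EXTATTR_NAMESPACE_SYSTEM, name, buf, sizeof(buf));
    return classify(n, errno);
}
#endif

int main(int argc, char **argv) {
    enum verdict v = V_OTHER;   /* also the result when not built on FreeBSD */
#ifdef __FreeBSD__
    if (argc == 3) v = probe(argv[1], argv[2]);  /* e.g. /tmp/testfile-01 test-01 */
#else
    (void)argc; (void)argv;
#endif
    puts(verdict_text[v]);
    return v == V_OK ? 0 : 1;
}
```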