From: Steffen Nurpmeso
To: freebsd-hackers@freebsd.org
Date: Wed, 12 Apr 2023 16:49:21 +0200
Subject: capsicum(4): .. and SIGTRAP causing syscall really is in siginfo_t.si_errno?
Message-ID: <20230412144921.8plun%steffen@sdaoden.eu>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

Hello.

I am trying to capsicumize a simple daemon (for learning purposes, as that runs only in the second line behind postfix), and i have a hard time as that thing is not designed for that (for said reasons). And want to say OpenBSD pledge/unveil was very easy; Linux seccomp required a design split with a dedicated syslog logger process, as C libraries are a black box etc etc. (That is needed for FreeBSD, too, and it keeps the casper out. One would really think "just pack it in an ip netns + unshare + capsh or whatever container, or a jail, and do not do anything regarding such restrictions in a daemon"; my code blow is about 30 percent by now.) Anyhow.
Regardless of 13.1-i386 or 12.2-amd64 (despite no_new_privs) i only see

  capsicum(4) violation (syscall 93, 4, 5, 0); please report this bug

for

  sip->si_errno, sip->si_code, sip->si_signo, sip->si_status);

Mind you (anything but si_errno a sign of despair), i also saw

  capsicum(4) violation (syscall 94, 4, 5, 0); please report this bug

I only ever saw 93 (and the never-existed-it-seems 94), regardless of whatever syscall was missing still (read(2), the false unlink(2), fsync(2), .. and what not). If only realpath(3->2!) would be accessible, i should have placed the configuration file evaluation in its own process; that would make reloading much easier. But that is my problem, sigh.

Not insult desired, just interested

  $ git show origin/main:sbin | grep /\$ | wc -l
  84
  $ git grep -lE caph?_enter origin/main -- sbin|wc -l
  8
  $ git show origin/main:usr.sbin | grep /\$ | wc -l
  224
  $ git grep -lE caph?_enter origin/main -- usr.sbin|wc -l
  10
  $ git show origin/main:bin | grep /\$ | wc -l
  41
  $ git grep -lE caph?_enter origin/main -- bin|wc -l
  5
  $ git show origin/main:usr.bin | grep /\$ | wc -l
  275
  $ git grep -lE caph?_enter origin/main -- usr.bin|wc -l
  42

to see how hard it is to put it onto existing code. Luckily i test with that simple thing, so a possibly happening different one can be designed a bit more conforming from scratch. But hey, i read

  This takes the usual shortcut of only sandboxing the last input file.
  It's a first cut and this program will be easy to adapt to sandbox
  all files in the future

from a December 2016 commit message, and i like the word "easy".

Ciao,

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
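Editor's added example, not part of the post above and not FreeBSD project code. The values the post prints (93, 4, 5, 0) are, in that order, si_errno, si_code, si_signo and si_status; on FreeBSD a capability-mode trap sets si_code to TRAP_CAP (4), si_signo to SIGTRAP (5), and si_errno to the error the refused call would otherwise have returned, ENOTCAPABLE (93) or ECAPMODE (94). The number of the refused system call is carried separately in si_syscall. The trap itself is only delivered once the process has asked for it with procctl(2) PROC_TRAPCAP_CTL. The handler below logs those fields correctly and without calling non-async-signal-safe functions; the fallback #defines and the -1 syscall number are assumptions made only so the file also builds on non-FreeBSD systems.

```c
/* Added example: log Capsicum violations from a SIGTRAP handler using the
 * siginfo fields FreeBSD fills in (si_code, si_errno, si_syscall). */
#ifndef __FreeBSD__
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <sys/procctl.h>
#endif

/* Assumed fallbacks so the file compiles off FreeBSD; the values are FreeBSD's. */
#ifndef TRAP_CAP
#define TRAP_CAP 4          /* si_code: capability-mode trap */
#endif
#ifndef ENOTCAPABLE
#define ENOTCAPABLE 93      /* descriptor lacks the needed capability right */
#endif
#ifndef ECAPMODE
#define ECAPMODE 94         /* system call not permitted in capability mode */
#endif

/* Minimal async-signal-safe string builders; snprintf(3) is not safe in a handler. */
static size_t append_str(char *buf, size_t len, size_t pos, const char *s)
{
    while (*s != '\0' && pos + 1 < len)
        buf[pos++] = *s++;
    buf[pos] = '\0';
    return pos;
}

static size_t append_int(char *buf, size_t len, size_t pos, int v)
{
    char digits[12];
    int n = 0;
    unsigned u = v < 0 ? (unsigned)(-(v + 1)) + 1u : (unsigned)v;

    if (v < 0)
        pos = append_str(buf, len, pos, "-");
    do {
        digits[n++] = (char)('0' + u % 10);
        u /= 10;
    } while (u != 0);
    while (n > 0 && pos + 1 < len)
        buf[pos++] = digits[--n];
    buf[pos] = '\0';
    return pos;
}

/* Build one log line from the siginfo fields. Returns 1 for a Capsicum trap,
 * 0 for any other SIGTRAP/signal (buf then says why it was not one). */
int format_cap_trap(int signo, int code, int err, int syscall_no, char *buf, size_t len)
{
    size_t pos = 0;
    const char *why;

    if (signo != SIGTRAP || code != TRAP_CAP) {
        pos = append_str(buf, len, pos, "not a capsicum trap: signo ");
        pos = append_int(buf, len, pos, signo);
        pos = append_str(buf, len, pos, ", si_code ");
        pos = append_int(buf, len, pos, code);
        append_str(buf, len, pos, "\n");
        return 0;
    }
    switch (err) {
    case ENOTCAPABLE: why = "ENOTCAPABLE, missing capability right on the descriptor"; break;
    case ECAPMODE:    why = "ECAPMODE, not permitted in capability mode"; break;
    default:          why = "unexpected errno"; break;
    }
    pos = append_str(buf, len, pos, "capsicum(4) violation: syscall ");
    pos = append_int(buf, len, pos, syscall_no);   /* the syscall number, not si_errno */
    pos = append_str(buf, len, pos, ", si_errno ");
    pos = append_int(buf, len, pos, err);
    pos = append_str(buf, len, pos, " (");
    pos = append_str(buf, len, pos, why);
    append_str(buf, len, pos, ")\n");
    return 1;
}

static void cap_trap_handler(int signo, siginfo_t *si, void *ctx)
{
    char msg[200];
    int syscall_no = -1;              /* assumed placeholder off FreeBSD */
    (void)ctx;
#ifdef __FreeBSD__
    syscall_no = si->si_syscall;      /* FreeBSD: _reason._capsicum._syscall */
#endif
    format_cap_trap(signo, si->si_code, si->si_errno, syscall_no, msg, sizeof msg);
    (void)write(STDERR_FILENO, msg, strlen(msg));
    _exit(1);   /* a violation means the sandbox design is wrong; do not continue */
}

int main(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = cap_trap_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGTRAP, &sa, NULL) != 0)
        return 1;
#ifdef __FreeBSD__
    /* Deliver SIGTRAP instead of silently returning the errno, then enter
     * capability mode: every refused call after this point is logged above. */
    int flag = PROC_TRAPCAP_CTL_ENABLE;
    if (procctl(P_PID, getpid(), PROC_TRAPCAP_CTL, &flag) != 0 || cap_enter() != 0)
        return 1;
#endif
    return 0;
}
```

Because the handler exits, a daemon using this pattern gets exactly one line per violation naming the call that was refused, which is the information needed to decide whether to add a right with cap_rights_limit(3) or move the operation into a separate process, as the post describes doing for the logger.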