kern/185384: [libcapsicum] cap_init(3) doesn't work in multiuser environment
Jan Beich
jbeich at tormail.org
Wed Jan 1 06:20:00 UTC 2014
>Number: 185384
>Category: kern
>Synopsis: [libcapsicum] cap_init(3) doesn't work in multiuser environment
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jan 01 06:20:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Jan Beich
>Release:
>Organization:
>Environment:
>Description:
While r259581 enabled casperd(8) by default, the socket it creates is
owned by root and cannot be written to by anyone else. An existing
consumer that tries to contact it via cap_init(3) as a non-root user
fails with a warning like
tcpdump: WARNING: unable to contact casperd
However, the casperd(8) manpage hints that the -S and -P options can be
used to start the daemon with non-default paths. This doesn't seem to
work as expected because cap_init(3) hardcodes CASPER_SOCKPATH.
>How-To-Repeat:
$ ktrace ls >/dev/null
$ kdump -r >/dev/null
kdump: unable to contact casperd: Permission denied
$ sudo tcpdump -w foo -i my0
$ tcpdump -r foo >/dev/null
reading from file foo, link-type EN10MB (Ethernet)
tcpdump: WARNING: unable to contact casperd
^C
$ ps lwp $(pgrep casper)
UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
0 851 1 0 20 0 22788 1988 select Is - 0:00.00 /sbin/casperd
0 850 1 0 20 0 22788 1984 select I v0- 0:00.00 casperd: zygote (casperd)
>Fix:
A trivial workaround for use after login:
# put into ~/.profile or /etc/profile
# per-user directory for the pidfile and socket (default: /tmp/casperd-<uid>)
: ${CASPERD_DIR:=/tmp/casperd-$(id -u)}
mkdir -p "$CASPERD_DIR"
# start a private casperd(8) instance with non-default pidfile and socket paths
casperd -P "$CASPERD_DIR/default.pid" -S "$CASPERD_DIR/default.socket"
# point cap_init(3) at it (needs the getenv() patch below)
export CASPER_SOCKPATH="$CASPERD_DIR/default.socket"
--- getenv_sockpath.diff begins here ---
Index: lib/libcapsicum/libcapsicum.3
===================================================================
--- lib/libcapsicum/libcapsicum.3 (revision 260159)
+++ lib/libcapsicum/libcapsicum.3 (working copy)
@@ -218,6 +218,16 @@ The
and
.Fn cap_unwrap
functions always succeed.
+.Sh ENVIRONMENT
+.Bl -tag -width ".Ev CASPER_SOCKPATH"
+.It Ev CASPER_SOCKPATH
+Specifies the path to
+.Xr unix 4
+domain socket used to communicate with the
+.Xr casperd 8
+daemon. If not set,
+.Pa /var/run/casper
+is used.
.Sh EXAMPLES
The following example first opens capability to the
.Xr casperd 8
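Review bot: the .Bl -tag list opened in the new ENVIRONMENT section is never closed; add an .El line after "is used." and before .Sh EXAMPLES, otherwise mandoc -Tlint reports an unclosed list and the EXAMPLES heading can render inside the list. Two smaller mdoc points in the same hunk: "Specifies the path to .Xr unix 4 domain socket" is missing an article ("the path to the .Xr unix 4 domain socket"), and "daemon. If not set," starts a new sentence mid-line, whereas mdoc convention is one sentence per line, so break after "daemon." Also confirm that the documented default, .Pa /var/run/casper, matches the value CASPER_SOCKPATH is defined to in the header, since the code hunk falls back to the macro rather than to this literal.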
Index: lib/libcapsicum/libcapsicum.c
===================================================================
--- lib/libcapsicum/libcapsicum.c (revision 260159)
+++ lib/libcapsicum/libcapsicum.c (working copy)
@@ -76,7 +76,7 @@ cap_init(void)
bzero(&sun, sizeof(sun));
sun.sun_family = AF_UNIX;
- strlcpy(sun.sun_path, CASPER_SOCKPATH, sizeof(sun.sun_path));
+ strlcpy(sun.sun_path, getenv("CASPER_SOCKPATH") ? : CASPER_SOCKPATH, sizeof(sun.sun_path));
sun.sun_len = SUN_LEN(&sun);
sock = socket(AF_UNIX, SOCK_STREAM, 0);
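Review bot: the getenv() lookup on the changed strlcpy() line is unconditional, so for a set-user-ID (or otherwise privileged) consumer the invoking user's environment decides which socket the process trusts as casperd. Guard it the way libc guards its other environment-driven path overrides: consult getenv("CASPER_SOCKPATH") only when issetugid(3) returns 0, and fall back to CASPER_SOCKPATH otherwise. Two more points on the same line: `getenv("CASPER_SOCKPATH") ? : CASPER_SOCKPATH` relies on the GNU `?:` extension (accepted by clang and gcc, but not standard C), so assign the getenv() result to a local and write the middle operand out; and strlcpy()'s return value is still discarded, so an environment path longer than sizeof(sun.sun_path) is silently truncated and connect() is attempted on a different, truncated path, where it should instead fail with ENAMETOOLONG.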
--- getenv_sockpath.diff ends here ---
Alternatively, casperd(8) can be run under a dedicated user/group
with only one instance.
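As an added example (not libcapsicum code and not part of this PR), the following C program shows how a cap_init(3)-style client can honour an environment override of the socket path while closing two gaps the one-line getenv() change above leaves open: the override is ignored for set-uid/set-gid processes (issetugid(3) on the BSDs, AT_SECURE from getauxval(3) on Linux), and a path that would not fit sun_path is rejected with ENAMETOOLONG instead of being truncated. The names resolve_sockpath(), process_is_privileged(), cap_connect() and demo_roundtrip() are hypothetical; the /var/run/casper default is the one quoted in the manpage hunk, and the privilege guard is an assumption of this example, not something the patch does. The demo stands up a throw-away listener in a mkdtemp(3) directory in place of casperd.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* mkdtemp(3), getauxval(3) on glibc */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
#ifdef __linux__
#include <sys/auxv.h>
#endif

#ifndef CASPER_SOCKPATH
#define CASPER_SOCKPATH "/var/run/casper"   /* default quoted in the manpage hunk */
#endif

/* True when the process gained privilege from set-uid/set-gid bits, i.e. its
 * environment came from a less privileged user and must not be allowed to
 * choose which socket is trusted as casperd.  (Hypothetical helper.) */
int
process_is_privileged(void)
{
#ifdef __linux__
	return getauxval(AT_SECURE) != 0;
#else
	return issetugid() != 0;           /* FreeBSD and the other BSDs */
#endif
}

/* Choose the socket path.  'override' is what getenv("CASPER_SOCKPATH")
 * returned (NULL when unset) and is honoured only for unprivileged
 * processes.  Copies the result into out[outlen] and returns 0, or returns
 * -1 with errno = ENAMETOOLONG when it would not fit, rather than silently
 * truncating the way an unchecked strlcpy() does. */
int
resolve_sockpath(const char *override, int privileged, char *out, size_t outlen)
{
	const char *path = CASPER_SOCKPATH;
	size_t n;

	if (override != NULL && override[0] != '\0' && !privileged)
		path = override;
	n = strlen(path);
	if (n >= outlen) {
		errno = ENAMETOOLONG;
		return -1;
	}
	memcpy(out, path, n + 1);
	return 0;
}

/* Same shape as the connect part of cap_init(): build the sockaddr_un from
 * the resolved path and connect.  Returns the socket or -1 (errno set). */
int
cap_connect(const char *override)
{
	struct sockaddr_un sun;
	int fd;

	memset(&sun, 0, sizeof(sun));
	sun.sun_family = AF_UNIX;
	if (resolve_sockpath(override, process_is_privileged(),
	    sun.sun_path, sizeof(sun.sun_path)) == -1)
		return -1;
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (fd == -1)
		return -1;
	if (connect(fd, (struct sockaddr *)&sun, sizeof(sun)) == -1) {
		close(fd);
		return -1;
	}
	return fd;
}

/* Stand-alone demonstration: a listener in a private (mode 0700) temporary
 * directory stands in for casperd, and the client reaches it through the
 * override path.  Returns 1 when one byte made the round trip, else 0. */
int
demo_roundtrip(void)
{
	char dir[] = "/tmp/capsock.XXXXXX";   /* constructed sample location */
	char path[sizeof(dir) + 8];
	struct sockaddr_un sun;
	int lfd, cfd = -1, afd = -1, ok = 0;
	char b = 'x', r = 0;

	if (mkdtemp(dir) == NULL)
		return 0;
	snprintf(path, sizeof(path), "%s/casper", dir);
	memset(&sun, 0, sizeof(sun));
	sun.sun_family = AF_UNIX;
	memcpy(sun.sun_path, path, strlen(path) + 1);
	lfd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (lfd != -1 && bind(lfd, (struct sockaddr *)&sun, sizeof(sun)) == 0 &&
	    listen(lfd, 1) == 0 && (cfd = cap_connect(path)) != -1) {
		afd = accept(lfd, NULL, NULL);
		if (afd != -1) {
			ok = write(cfd, &b, 1) == 1 && read(afd, &r, 1) == 1 && r == 'x';
			close(afd);
		}
		close(cfd);
	}
	if (lfd != -1)
		close(lfd);
	unlink(path);
	rmdir(dir);
	return ok;
}
```

demo_roundtrip() is the entry point; a real consumer would call cap_connect(getenv("CASPER_SOCKPATH")) and, when it returns -1 with errno set to ENAMETOOLONG or EACCES, report that instead of the generic "unable to contact casperd".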
>Release-Note:
>Audit-Trail:
>Unformatted: