[Bug 222258] renameat(2) capability error with absolute path names outside of a sandbox

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Sep 16 13:18:33 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222258

Jilles Tjoelker <jilles at FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
                 CC|                            |jilles at FreeBSD.org

--- Comment #6 from Jilles Tjoelker <jilles at FreeBSD.org> ---
(In reply to Ed Maste from comment #5)
The block of code checking for CAP_UNLINKAT should not apply when an absolute
path was originally passed to the system call. This is needed to maintain
POSIX's requirement that renameat() be equivalent to rename() unless either old
or new specifies a relative path. I don't immediately know how to code this
best.

The patch from Conrad Meyer seems wrong since capabilities are supposed to be
enforced for all processes, not only ones in capability mode. This feature may
be useful when passing file descriptors to a process with a lower privilege
level.

In any case, this seems a valid bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
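The scenario discussed in the comment above, as an added example that is not part of the bug report or of FreeBSD's own code: a C program that opens an unrelated directory, strips CAP_UNLINKAT from that descriptor with cap_rights_limit(2) while staying outside capability mode (rights are enforced for every process, as the comment notes), and then calls renameat(2) with two absolute paths through that descriptor. POSIX requires this call to behave like rename(2), so a conforming kernel returns 0; a kernel that still applies the CAP_UNLINKAT check to absolute paths is expected to fail with ENOTCAPABLE. The Capsicum right names CAP_LOOKUP, CAP_RENAMEAT_SOURCE and CAP_RENAMEAT_TARGET are the ones assumed here, the Capsicum block compiles out on non-FreeBSD systems (where the program only demonstrates the POSIX equivalence), and the scratch-directory fallback order is a choice made for this example.

```c
/* Added example: reproduce renameat(2) with absolute paths through a
 * rights-limited directory descriptor.  Not code from the bug report. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* glibc: expose renameat, mkdtemp, realpath, O_DIRECTORY */
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>   /* cap_rights_init(), cap_rights_limit() */
#endif

/* Create (or truncate) an empty regular file; 0 on success, -1 with errno set. */
static int touch(const char *path)
{
	int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
	if (fd < 0)
		return -1;
	close(fd);
	return 0;
}

/* Make a scratch directory and store its absolute path in out[PATH_MAX].
 * Fallback order ($TMPDIR, /tmp, then ".") is an assumption of this example.
 * realpath() turns the "." case into an absolute path.  0 on success, -1 on failure. */
static int make_scratch_dir(char out[PATH_MAX])
{
	const char *bases[] = { getenv("TMPDIR"), "/tmp", "." };
	char tmpl[PATH_MAX];

	for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++) {
		if (bases[i] == NULL || bases[i][0] == '\0')
			continue;
		snprintf(tmpl, sizeof tmpl, "%s/renameat-abs-XXXXXX", bases[i]);
		if (mkdtemp(tmpl) == NULL)
			continue;
		if (realpath(tmpl, out) == NULL) {
			rmdir(tmpl);
			return -1;
		}
		return 0;
	}
	return -1;
}

/* renameat() with two absolute paths, passing `dirfd` for both directory
 * arguments.  POSIX says the descriptor is not consulted for absolute paths,
 * so this must behave exactly like rename(oldabs, newabs).
 * Returns 0 on success, otherwise the errno value of the failure. */
int renameat_absolute(int dirfd, const char *oldabs, const char *newabs)
{
	if (oldabs[0] != '/' || newabs[0] != '/')
		return EINVAL;   /* helper is only meant for the absolute-path case */
	if (renameat(dirfd, oldabs, dirfd, newabs) != 0)
		return errno;
	return 0;
}

/* Run the scenario from the report.  The target path exists beforehand, so
 * the rename has to replace it (the case where an unlink right would matter).
 * Returns 0 when the rename succeeds (the POSIX-conformant result, and what a
 * Linux or fixed FreeBSD kernel is expected to give), otherwise the errno of
 * the failing call (ENOTCAPABLE on a FreeBSD kernel that still checks
 * CAP_UNLINKAT for absolute paths). */
int run_renameat_abs_check(void)
{
	char dir[PATH_MAX], oldp[PATH_MAX], newp[PATH_MAX];
	int dirfd, rc = 0;

	if (make_scratch_dir(dir) != 0)
		return errno ? errno : EIO;
	snprintf(oldp, sizeof oldp, "%s/old", dir);
	snprintf(newp, sizeof newp, "%s/new", dir);
	if (touch(oldp) != 0 || touch(newp) != 0) {
		rc = errno;
		goto cleanup;
	}

	/* A directory unrelated to the paths being renamed. */
	dirfd = open("/", O_RDONLY | O_DIRECTORY);
	if (dirfd < 0) {
		rc = errno;
		goto cleanup;
	}
#ifdef __FreeBSD__
	{
		/* Keep lookup and rename rights; deliberately omit CAP_UNLINKAT.
		 * Rights are enforced outside capability mode, so no cap_enter(). */
		cap_rights_t rights;
		cap_rights_init(&rights, CAP_LOOKUP, CAP_RENAMEAT_SOURCE,
		    CAP_RENAMEAT_TARGET);
		if (cap_rights_limit(dirfd, &rights) != 0) {
			rc = errno;
			close(dirfd);
			goto cleanup;
		}
	}
#endif
	rc = renameat_absolute(dirfd, oldp, newp);
	close(dirfd);

cleanup:
	unlink(newp);
	unlink(oldp);
	rmdir(dir);
	return rc;
}

int main(void)
{
	int rc = run_renameat_abs_check();
	if (rc == 0)
		puts("renameat() with absolute paths ignored the limited dirfd: OK");
	else
		printf("renameat() failed: %s (errno %d)\n", strerror(rc), rc);
	return rc == 0 ? 0 : 1;
}
```

Compile with `cc -o renameat-abs renameat-abs.c` and run it as an unprivileged user; no sandbox or cap_enter(2) call is involved, which is exactly the point of the report's title.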