[Bug 222258] renameat(2) capability error with absolute path names outside of a sandbox
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Sep 16 16:24:45 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222258
Mateusz Guzik <mjg at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mjg at FreeBSD.org
--- Comment #9 from Mateusz Guzik <mjg at FreeBSD.org> ---
Now this is sketchy. So when you openat/whatever with an absolute path caps are
not getting populated and the dir fd is not logged by audit. On the other hand
the fd is not used in the lookup, so making its caps affect the outcome anyway
may not be the right thing to do here.
There is also potential crappery with startdir (used by nfs).
I guess restructuring is the way to go here.
Note there is a much-needed cleanup to do here anyway: audit code *duplicates*
the logic used to determine starting vnodes.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list