[Bug 222632] Enable Capsicum for connect(2)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Sep 26 23:21:32 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632
--- Comment #2 from Shawn Webb <shawn.webb at hardenedbsd.org> ---
Based on research done by Robert Watson, which isn't referenced anywhere in
FreeBSD's official Capsicum documentation, connect(2) isn't ready to be
Capsicumized.
Note that having CAP_CONNECT documented and referenced with CAP_SOCK_CLIENT in
FreeBSD's sys/capsicum.h leads one to believe connect(2) should be available in
capabilities mode. This is in addition to the rights(4) manpage.
As such, I've reverted the referenced commit.
So that leads one to ask the question: how does one properly Capsicumize
applications that call connect(2) on an on-demand basis?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list