[Bug 222632] connect(2) not available in capability mode
bugzilla-noreply at freebsd.org
Mon Apr 30 17:31:20 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632
--- Comment #24 from commit-hook at freebsd.org ---
A commit references this bug:
Author: emaste
Date: Mon Apr 30 17:31:07 UTC 2018
New revision: 333120
URL: https://svnweb.freebsd.org/changeset/base/333120
Log:
Disable connectat/bindat with AT_FDCWD in capmode
Previously it was possible to connect a socket (which had the
CAP_CONNECT right) by calling "connectat(AT_FDCWD, ...)" even in
capabilities mode. This combination should be treated the same as a call
to connect (i.e. forbidden in capabilities mode). Similarly for bindat.
Disable connectat/bindat with AT_FDCWD in capabilities mode, fix up the
documentation and add tests.
PR: 222632
Submitted by: Jan Kokemüller <jan.kokemueller at gmail.com>
Reviewed by: Domagoj Stolfa
MFC after: 1 week
Relnotes: Yes
Differential Revision: https://reviews.freebsd.org/D15221
Changes:
head/share/man/man4/rights.4
head/sys/kern/uipc_syscalls.c
head/tests/sys/capsicum/Makefile
head/tests/sys/capsicum/bindat_connectat.c
--
You are receiving this mail because:
You are the assignee for the bug.