Capsicum and connect(2)
Ben Laurie
ben at links.org
Tue Sep 26 22:02:55 UTC 2017
ECAPMODE means the syscall is forbidden, surely?
On 26 September 2017 at 20:37, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
> Hey All,
>
> I'm working on applying Capsicum to Tor. I've got a PoC design for how
> I'm going to do it posted here:
>
> https://github.com/lattera/PoCs/tree/master/capsicum_fdpassing
>
> Note that the above code might have ugly spots. It's mostly just a brain
> dump.
>
> Essentially, the child process creates the socket and passes the
> socket's file descriptor back to the parent. The socket file descriptor
> has the capabilities sets already applied to it before it goes back to
> the parent. The socket creation and file descriptor passing seems to
> work well.
>
> However, what isn't working is calling connect(2) on the socket file
> descriptor in the parent. errno gets set to ECAPMODE. This is puzzling
> to me since CAP_CONNECT is set on the descriptor.
>
> Any help would be appreciated.
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> GPG Key ID: 0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
More information about the freebsd-security
mailing list