Weekly status report #3

Mario Oshogbo oshogbo at FreeBSD.org
Tue Jul 16 09:53:49 UTC 2013


Hi,

I have almost finished implementing CAP_SEND_RIGHTS and CAP_RECV_RIGHTS.
I implemented two different approaches to the problem.

The first method was to give the capability rights deeper, to the functions
that operate on the sent/received package. You can see this method at
http://p4web.freebsd.org/@md=d&cd=//depot/user/oshogbo/&c=c5V@//depot/user/oshogbo/capsicum_rights/?ac=83
This method is very invasive and it forces a lot of interfaces to be
changed to do it.

The second method was to check the rights in the soreceive/sosend functions,
so at a much higher level than in the first approach. This method is good for
sending descriptors but it is very insecure for receiving descriptors.
When we check the rights to receive, the descriptors are already allocated in
userland memory. Even if we decided to free the descriptors after checking
the rights, we can imagine an attack that will duplicate the descriptor using
another thread before we check the rights and free those descriptors.
You can see this approach on this branch:
http://p4web.freebsd.org/@md=d&cd=//depot/user/oshogbo/&c=c5V@//depot/user/oshogbo/capsicum_rights2/?ac=83

There are still a few things that my mentor recommended me to discuss on
the freebsd-net mailing list.
You can follow the first thread at
http://lists.freebsd.org/pipermail/freebsd-net/2013-July/036050.html

My mentor and I wrote a few words for the FreeBSD status reports:
http://www.freebsd.org/news/status/report-2013-04-2013-06.html#New-Capsicum-Features

I also decided to write a blog post about configuring diskless FreeBSD
on VirtualBox:
http://oshogbo.vexillium.org/news/28/

Cheers,
oshogbo
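
The race described in the message above, as an added example that is not part of the original post or of the FreeBSD sources: a single-threaded toy model of a descriptor table in which the second thread's dup() is replayed at the point where it could run. All names (`fdtable`, `RIGHT_RECV`, `recv_check_late`, `recv_check_early`, `other_thread_runs`, `leaked_refs`) are hypothetical.

```c
#include <stdio.h>

/* Constructed toy model, not kernel code: a per-process descriptor table. */
#define NFD 8
#define RIGHT_RECV 0x1u            /* hypothetical stand-in for CAP_RECV_RIGHTS */
struct file { int refs; };
static struct file *fdtable[NFD];

static int fd_alloc(struct file *fp) {
    for (int i = 0; i < NFD; i++)
        if (fdtable[i] == NULL) { fdtable[i] = fp; fp->refs++; return i; }
    return -1;
}
static void fd_close(int fd) {
    if (fd >= 0 && fdtable[fd] != NULL) { fdtable[fd]->refs--; fdtable[fd] = NULL; }
}
/* Stands in for a second thread that dup()s the first descriptor it can see. */
static void other_thread_runs(void) {
    for (int i = 0; i < NFD; i++)
        if (fdtable[i] != NULL) { fd_alloc(fdtable[i]); return; }
}
/* Late check: install the received descriptor, then check the socket's rights. */
static int recv_check_late(struct file *fp, unsigned sock_rights) {
    int fd = fd_alloc(fp);         /* visible to every thread from here on */
    other_thread_runs();           /* race window before the check */
    if (!(sock_rights & RIGHT_RECV)) { fd_close(fd); return -1; }
    return fd;
}
/* Early check: refuse before anything reaches the descriptor table. */
static int recv_check_early(struct file *fp, unsigned sock_rights) {
    if (!(sock_rights & RIGHT_RECV)) return -1;
    int fd = fd_alloc(fp);
    other_thread_runs();
    return fd;
}
/* References left on the file after a receive that had to be refused. */
int leaked_refs(int early) {
    struct file f = { 0 };
    for (int i = 0; i < NFD; i++) fdtable[i] = NULL;
    if (early) recv_check_early(&f, 0); else recv_check_late(&f, 0);
    return f.refs;
}
int main(void) {
    printf("late check:  %d reference(s) survive the refusal\n", leaked_refs(0));
    printf("early check: %d reference(s) survive the refusal\n", leaked_refs(1));
    return 0;
}
```

In the late-check path the refused descriptor is closed, but the duplicate taken during the window still references the file; in the early-check path nothing was ever installed, so nothing can be duplicated.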
