svn commit: r341689 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys

John Baldwin jhb at FreeBSD.org
Fri Dec 7 19:34:58 UTC 2018


On 12/7/18 10:59 AM, Conrad Meyer wrote:
> On Fri, Dec 7, 2018 at 10:05 AM John Baldwin <jhb at freebsd.org> wrote:
>> The
>> requirement for root mostly mitigates this when root vs not-root is your
>> only privilege.  However, a capsicum vs non-capsicum process is a more
>> recent privilege that is orthogonal to root vs non-root.  It might be that
>> allowing a capsicumized root to create links to files that were intentionally
>> unlinked by a non-capsicumized root would be the same problem.
> 
> None of these syscalls were added to sys/kern/capabilities.conf, so I
> think a capsicum-contained root cannot use them anyway.  Maybe I
> misunderstand how capabilities.conf works, though.

Ok.

-- 
John Baldwin

                                                                            

