After rS308212, Capsicum permits .. lookups in capability mode, as long as path component traversal does not escape the directory corresponding to the provided file descriptor.
Details
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
- Lint Not Applicable
- Unit
- Tests Not Applicable
Event Timeline
Comment Actions
Perhaps also mention that dotdot is not allowed on non-local fs, unless vfs.lookup_cap_dotdot is set.
Comment Actions
Please bump .Dd when committing.
lib/libc/sys/open.2 | ||
---|---|---|
493 | (On Diff #32976) | I might even drop the "file descriptor" part, as fd must be a file descriptor as covered previously in the document. |
Comment Actions
Good point; perhaps we need to explain both of the sysctls, although I'm not sure how far we'd like to go in covering non-default options.
lib/libc/sys/open.2 | ||
---|---|---|
493 | (On Diff #32976) | Thanks for the reminder, I would indeed have forgotten. And will make the suggested amendment too. |