
open(2): update ENOTCAPABLE error for ..
ClosedPublic

Authored by emaste on Sep 12 2017, 3:37 PM.

Details

Summary

After rS308212 Capsicum permits .. lookups in capability mode, as long as path component traversal does not escape the directory corresponding to the provided file descriptor.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Perhaps also mention that dotdot is not allowed on non-local fs, unless vfs.lookup_cap_dotdot is set.

This revision is now accepted and ready to land. Sep 12 2017, 4:26 PM
bjk added a subscriber: bjk.

Please bump .Dd when committing.

lib/libc/sys/open.2
493 ↗ (On Diff #32976)

I might even drop the "file descriptor" part, as fd must be a file descriptor as covered previously in the document.

In D12343#255946, @kib wrote:

Perhaps also mention that dotdot is not allowed on non-local fs, unless vfs.lookup_cap_dotdot is set.

Good point; perhaps we need to explain both of the sysctls, although I'm not sure how far we'd like to go in covering non-default options.

lib/libc/sys/open.2
493 ↗ (On Diff #32976)

Thanks for the reminder, I would indeed have forgotten. And will make the suggested amendment too.

This revision was automatically updated to reflect the committed changes.