Page MenuHomeFreeBSD
Differential D15221

Disable connectat/bindat with AT_FDCWD parameter in capabilities mode
ClosedPublic
Actions

Authored by jan.kokemueller_gmail.com on Apr 28 2018, 6:09 AM.
Tags
Referenced Files
F148638573: D15221.id42008.diff
Thu, Mar 19, 7:24 AM
F148638570: D15221.id42008.diff
Thu, Mar 19, 7:24 AM
F148602700: D15221.id41949.diff
Thu, Mar 19, 2:11 AM
Unknown Object (File)
Wed, Mar 18, 1:34 AM
Unknown Object (File)
Jan 10 2026, 9:24 AM
Unknown Object (File)
Nov 15 2025, 3:58 AM
Unknown Object (File)
Nov 15 2025, 1:26 AM
Unknown Object (File)
Nov 14 2025, 6:40 PM
View All 86 Files
Subscribers
cem
domagoj.stolfa_gmail.com
emaste
imp
jonathan
oshogbo
Contributor Reviews (src)

Details

Reviewers
domagoj.stolfa_gmail.com
Group Reviewers
manpages
Commits
rS333120: Disable connectat/bindat with AT_FDCWD in capmode
Summary

Currently it is possible to connect a socket by calling "connectat(AT_FDCWD, ...)" even in capabilties mode. This combination should probably be treated the same as a call to connect (i.e. forbidden in capabilities mode).

This patch disables connectat/bindat with AT_FDCWD in capabilities mode, fixes up the documentation and adds some tests.

See also https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222632.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jan.kokemueller_gmail.com created this revision.Apr 28 2018, 6:09 AM
Herald added a reviewer: manpages. · View Herald TranscriptApr 28 2018, 6:09 AM
Herald added subscribers: Contributor Reviews (src), imp. · View Herald Transcript
emaste added a subscriber: emaste.Apr 28 2018, 12:37 PM
emaste added subscribers: cem, jonathan, oshogbo.Apr 28 2018, 12:40 PM

Thank you, I will try to review soon and have added some other Capsicum folks.

If you upload again please include full context, via git diff -U9999 or svn diff -x-U99999 or similar.

domagoj.stolfa_gmail.com accepted this revision.Apr 30 2018, 4:05 PM
domagoj.stolfa_gmail.com added a subscriber: domagoj.stolfa_gmail.com.

Had a quick skim, but LGTM.

This revision is now accepted and ready to land.Apr 30 2018, 4:05 PM
emaste added a comment.Apr 30 2018, 5:16 PM

connectat/bindat description updated in rS333119

Closed by commit rS333120: Disable connectat/bindat with AT_FDCWD in capmode (authored by emaste). · Explain WhyApr 30 2018, 5:31 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
share/
man/
man4/
26 lines
sys/
kern/
10 lines
tests/
sys/
capsicum/
3 lines
233 lines

Diff 42008

View Options

head/share/man/man4/rights.4

Loading...
View Options

head/sys/kern/uipc_syscalls.c

Loading...
View Options

head/tests/sys/capsicum/Makefile

Loading...
View Options

head/tests/sys/capsicum/bindat_connectat.c

Loading...