
Allow the ND6 default route and prefix lists to be read in capability mode.
AbandonedPublic

Authored by markj on Oct 9 2018, 4:42 PM.
Details

Reviewers
allanjude
oshogbo
Group Reviewers
capsicum
Summary

This is needed for capsicumization of some network code. These lists
are maintained by the kernel and can be dumped by any user (e.g., with
ndp -p or ndp -r); I can't see any reason to prohibit access in cap
mode.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 20094
Build 19592: arc lint + arc unit

Event Timeline

markj retitled this revision from "Allow the default route and prefix lists to be read in capability mode." to "Allow the ND6 default route and prefix lists to be read in capability mode." Oct 9 2018, 4:43 PM
markj added a reviewer: capsicum.

Why not use casper for that (e.g. cap_sysctlbyname)?

This revision is now accepted and ready to land. Oct 9 2018, 4:46 PM
oshogbo requested changes to this revision.Oct 9 2018, 4:46 PM
This revision now requires changes to proceed.Oct 9 2018, 4:46 PM

> Why not use casper for that (e.g. cap_sysctlbyname)?

I considered that and decided not to for two reasons:

  1. These sysctls don't have names, so the existing API isn't sufficient.
  2. It seems a bit silly - what do we gain by restricting access to these read-only sysctls?

If 1) can be addressed, I'll do it, but I don't understand the threat model which makes that approach preferable.

Perhaps a topic for discussion at the Vendor/Dev Summit next week

I don't need this after all: the code which uses the sysctl value performs some other actions which require a casper helper.

We also discussed this a bit at MeetBSD; Mariusz made the point that the approach of exposing whichever random sysctls happen to be needed isn't really sustainable. I'm doing some work to flesh out cap_sysctl a bit further.