traceroute6: Fix rights for rcvsock
ClosedPublic
Actions

Authored by markj on Mar 31 2021, 10:41 PM.

Details

Reviewers

Commits

rGd3f2c31b43b7: traceroute6: Fix Capsicum rights for rcvsock
rGb8ae450f05e6: traceroute6: Fix Capsicum rights for rcvsock

Summary

Always use distinct sockets for send and recv
Limit rights on the recv socket
Limit rights before entering capability mode

For ICMP6 we were using the same socket for both, and we limited rights
on the socket such that it's impossible to receive anything.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Mar 31 2021, 10:41 PM

Herald added a subscriber: imp. · View Herald TranscriptMar 31 2021, 10:41 PM

markj requested review of this revision.Mar 31 2021, 10:41 PM

Harbormaster completed remote builds in B38229: Diff 86648.Mar 31 2021, 10:41 PM

zlei added a subscriber: zlei.Apr 1 2021, 4:56 AM

zlei added inline comments.

usr.sbin/traceroute6/traceroute6.c
942	Copy paste typo
947	It looks good entering capability mode before limiting rights. So no need to adjust here.

After addressing @zlei.huang_gmail.com points - LGTM.

Address feedback.

Harbormaster completed remote builds in B38248: Diff 86686.Apr 1 2021, 2:00 PM

This revision was not accepted when it landed; it landed in state Needs Review.Apr 1 2021, 2:01 PM

Closed by commit rGb8ae450f05e6: traceroute6: Fix Capsicum rights for rcvsock (authored by markj). · Explain Why

This revision was automatically updated to reflect the committed changes.

markj added a commit: rGb8ae450f05e6: traceroute6: Fix Capsicum rights for rcvsock.

markj added a commit: rGd3f2c31b43b7: traceroute6: Fix Capsicum rights for rcvsock.Apr 5 2021, 1:52 PM

Revision Contents
Changeset List

Path

Size

usr.sbin/

traceroute6/

traceroute6.c

9 lines

Diff 86687

View Options

usr.sbin/traceroute6/traceroute6.c

traceroute6: Fix rights for rcvsockClosedPublicActions