tftpd:capsicumize tftpd
Needs ReviewPublic
Actions

Authored by hanslu952_gmail.com on Aug 13 2024, 11:54 AM.

Details

Reviewers

oshogbo
lwhsu

Summary

Enter libcasper service to enter capability mode,and adjust how tftpd interacts with
socket,because it violates capability.
I reimplemented the underlying file operation with cap_fileargs.

Trivial:

$ mkdir /tftproot
$ cd /tftproot
$ vim testfile
$ tftp localhost

tftp> get testfile

Normal:

$ cd /usr/tests/libexec/tftpd
$ kyua test -k Kyuafile
one case testing
$ kyua debug -k Kyuafile functional:testcase

Set up enotcapable to get coredump

sysctl kern.trap_enotcap=1
sysctl kern.corefile= /tmp/coredumps/%N.core
gdb executable corefile

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 59001
Build 55888: arc lint + arc unit

Event Timeline

hanslu952_gmail.com created this revision.Aug 13 2024, 11:54 AM

Herald added subscribers: jonathan, imp. · View Herald TranscriptAug 13 2024, 11:54 AM

hanslu952_gmail.com requested review of this revision.Aug 13 2024, 11:54 AM

Harbormaster completed remote builds in B59001: Diff 142037.Aug 13 2024, 11:54 AM

hanslu952_gmail.com edited the summary of this revision. (Show Details)Aug 15 2024, 5:29 PM

hanslu952_gmail.com edited the test plan for this revision. (Show Details)

oshogbo added inline comments.Aug 20 2024, 12:43 PM

libexec/tftpd/tftpd.c
247	Are we in a capability mode? Why we need casper?
579	Style.
720	Wy style change?
735	Style.
745	Please reformat this whole section.
747	Do we expect function `validate_access` to enter capability mode? We don't have a better place?