tftpd: capsicumize tftpd
Needs Review, Public

Authored by hanslu952_gmail.com on Aug 13 2024, 11:54 AM.
Referenced Files
F98657356: D46281.diff
Fri, Oct 4, 5:59 AM
F98644924: D46281.diff
Fri, Oct 4, 5:08 AM

Details

Reviewers
oshogbo
lwhsu
Summary

Enter libcasper service to enter capability mode, and adjust how tftpd interacts with
the socket, because it violates capability.
I reimplemented the underlying file operation with cap_fileargs.

Sponsored by: Google, Inc. (GSoC 2024)

Test Plan

Trivial:

$ mkdir /tftproot
$ cd /tftproot
$ vim testfile
$ tftp localhost

tftp> get testfile

Normal:

$ cd /usr/tests/libexec/tftpd
$ kyua test -k Kyuafile

One case testing:

$ kyua debug -k Kyuafile functional:testcase

Set up enotcapable to get a core dump:

sysctl kern.trap_enotcap=1
sysctl kern.corefile=/tmp/coredumps/%N.core
gdb executable corefile

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 59001
Build 55888: arc lint + arc unit

Event Timeline

hanslu952_gmail.com edited the test plan for this revision.
libexec/tftpd/tftpd.c
247

Are we in a capability mode?
Why do we need casper?

579

Style.

720

Why style change?

735

Style.

745

Please reformat this whole section.

747

Do we expect function validate_access to enter capability mode? We don't have a better place?