Page MenuHomeFreeBSD

Capsicumify last(1)
ClosedPublic

Authored by cem on Sep 22 2016, 5:34 AM.
Tags
None
Referenced Files
F108238975: D8001.diff
Thu, Jan 23, 12:02 AM
Unknown Object (File)
Thu, Jan 16, 1:11 AM
Unknown Object (File)
Fri, Jan 3, 10:13 AM
Unknown Object (File)
Dec 17 2024, 4:49 PM
Unknown Object (File)
Dec 17 2024, 4:48 PM
Unknown Object (File)
Dec 3 2024, 7:32 PM
Unknown Object (File)
Nov 29 2024, 7:28 AM
Unknown Object (File)
Nov 28 2024, 1:18 PM
Subscribers

Details

Summary

Pretty straightforward as long as access to utx database is precached.

Test Plan
  • truss last
  • Depends on D7998

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 5471
Build 5688: arc lint + arc unit

Event Timeline

cem retitled this revision from to Capsicumify last(1).
cem updated this object.
cem edited the test plan for this revision. (Show Details)
cem added reviewers: ed, emaste, allanjude, oshogbo.
usr.bin/last/last.c
145

There's no problem with just calling setutxent() here, right? That looks a bit less suspicious than opening/closing the utx database. Also be sure to put the comment above on a single line. :-)

150

I think that this some in too early. What about last -f? It can open an arbitrary file.

Open arbitray -f database before entering cap mode.

cem marked 2 inline comments as done.Sep 23 2016, 4:41 PM
usr.bin/last/last.c
132

... that way you can remove this setutxent() call! :-)

All we need is at least one call to setutxent() or setutxdb(). It's completely safe to call setutxdb() with a NULL path, as that will make it open the default path.

153

What you can do: just move this right before the cap_enter() call, outside of this switch statement, because...

cem marked 2 inline comments as done.

Use single setutxdb() invocation.

Can now make use of capsicum helpers added in rS306657

cem edited edge metadata.
  • Use capsicum_helpers

There are some concerning capability access violations in truss logs still:

// Probably tzset():
access("/etc/localtime",R_OK)                    = 0 (0x0)
open("/etc/localtime",O_RDONLY,037777777600)     = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=11316113,size=2819,blksize=32768 }) = 0 (0x0)
read(3,"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0"...,41448) = 2819 (0xb03)
close(3)                                         = 0 (0x0)
issetugid()                                      = 0 (0x0)
open("/usr/share/zoneinfo/posixrules",O_RDONLY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=327579,size=3519,blksize=32768 }) = 0 (0x0)
read(3,"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0"...,41448) = 3519 (0xdbf)
close(3)                                         = 0 (0x0)
...
cap_enter()                                      = 0 (0x0)
...
// Why wasn't this stuff cached by tzset()?
open("/usr/share/zoneinfo/UTC",O_RDONLY,00)      ERR#94 'Not permitted in capability mode'
issetugid()                                      = 0 (0x0)
open("/usr/share/zoneinfo/posixrules",O_RDONLY,00) ERR#94 'Not permitted in capability mode'

Needs a little more investigation before being ready to commit.

In D8001#169271, @cem wrote:

Needs a little more investigation before being ready to commit.

you should be able to use proccontrol -m trapcap -s enable <cmd> now to find out where the useis coming from

you should be able to use proccontrol -m trapcap -s enable <cmd> now to find out where the useis coming from

I don't have a new enough kernel or userspace for that :-).

I will try to test this change locally soon

usr.bin/last/last.c
62

Should sort with the rest of the headers, no?

usr.bin/last/last.c
62

Sure.

Sort capsicum_helpers with other headers.

Thanks. I will apply this to my local tree soon and give it a test with procctl.

Thanks. I will apply this to my local tree soon and give it a test with procctl.

Did you ever get a chance to test this? Thanks!

This revision was automatically updated to reflect the committed changes.