Page MenuHomeFreeBSD
Paste P574

ktrace exec CAPFAIL_VFS
ArchivedPublic
Actions

Authored by jfree on Jun 5 2023, 3:08 PM.
Tags
None
Referenced Files
F62354501: ktrace exec CAPFAIL_VFS
Jun 5 2023, 3:08 PM
Subscribers
None
interpret:
if (args->fname != NULL) {
#ifdef CAPABILITY_MODE
+#ifdef KTRACE
+ /* XXXJF ONLY CHECK AFTER FIRST EXEC */
+ if (CAP_TRACING(td))
+ ktrcapfail(CAPFAIL_VFS, NULL, NULL);
+#endif
/*
* While capability mode can't reach this point via direct
* path arguments to execve(), we also don't allow
* interpreters to be used in capability mode (for now).
* Catch indirect lookups and return a permissions error.
*/
if (IN_CAPABILITY_MODE(td)) {
error = ECAPMODE;
goto exec_fail;
}
#endif

Event Timeline

jfree created this paste.Jun 5 2023, 3:08 PM
jfree created this object in space S1 Global.
jfree added a comment.Jun 5 2023, 3:31 PM
This comment was removed by jfree.
jfree added a comment.Jun 5 2023, 3:31 PM
925 ktrace   CAP   disallowed system call: execve
925 ktrace   CAP   restricted VFS operation: execve
925 ktrace   CAP   disallowed system call: execve
925 ktrace   CAP   restricted VFS operation: execve
925 ktrace   CAP   disallowed system call: execve
925 ktrace   CAP   restricted VFS operation: execve
925 ktrace   CAP   disallowed system call: execve
925 ktrace   CAP   restricted VFS operation: execve
925 ktrace   CAP   disallowed system call: execve
925 ktrace   CAP   restricted VFS operation: execve
925 ktrace   CAP   disallowed system call: execve
925 ktrace   CAP   restricted VFS operation: execve
925 ktrace   CAP   restricted VFS operation: execve
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: readlink
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: open
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
925 unzip    CAP   disallowed system call: mkdir
jfree added a comment.Jun 5 2023, 3:40 PM
1030 ktrace   CAP   disallowed system call: execve
1030 ktrace   CAP   restricted VFS operation: execve
1030 ktrace   NAMI  "/root/.local/share/cargo/bin/unzip"
1030 ktrace   CAP   disallowed system call: execve
1030 ktrace   CAP   restricted VFS operation: execve
1030 ktrace   NAMI  "/root/.local/share/go/bin/unzip"
1030 ktrace   CAP   disallowed system call: execve
1030 ktrace   CAP   restricted VFS operation: execve
1030 ktrace   NAMI  "/sbin/unzip"
1030 ktrace   CAP   disallowed system call: execve
1030 ktrace   CAP   restricted VFS operation: execve
1030 ktrace   NAMI  "/bin/unzip"
1030 ktrace   CAP   disallowed system call: execve
1030 ktrace   CAP   restricted VFS operation: execve
1030 ktrace   NAMI  "/usr/sbin/unzip"
1030 ktrace   CAP   disallowed system call: execve
1030 ktrace   CAP   restricted VFS operation: execve
1030 ktrace   NAMI  "/usr/bin/unzip"
1030 ktrace   CAP   restricted VFS operation: execve
1030 ktrace   NAMI  "/libexec/ld-elf.so.1"
jfree archived this paste.Jun 22 2023, 4:01 PM