
capsicum_helpers: split stream cap bits out of caph_limit_stream()
ClosedPublic

Authored by kevans on Jan 1 2020, 8:53 PM.
Details

Summary

The goal here is to make it so applications can take the rights one would normally get by calling caph_limit_stream() on a descriptor and build on them as needed.

My current use-case is inetd, where the control socket's rights will be caph_stream_rights() + ACCEPT/BIND/LISTEN/SETSOCKOPT, and once a client connects we limit those sockets further to caph_stream_rights() + SETSOCKOPT. inetd must at least use a superset of caph_stream_rights in case the invoked program leads to caph_limit_stdio(), which is quite common. I *think* this is a feasible approach, at least.
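The inetd layering described in the summary, as an added example that is not part of D22993 or of the FreeBSD sources: the listening control socket gets caph_stream_rights() plus ACCEPT/BIND/LISTEN/SETSOCKOPT, each accepted socket gets caph_stream_rights() plus SETSOCKOPT, and a check confirms that the client set is a subset of the control set while still a superset of the plain stream rights that a child's caph_limit_stdio() depends on. The two-argument caph_stream_rights(rights, flags) signature, the CAPH_READ/CAPH_WRITE flags and the right names CAP_ACCEPT, CAP_BIND, CAP_LISTEN and CAP_SETSOCKOPT are assumed from the capsicum_helpers(3) and rights(4) manual pages rather than taken from the review text; on a non-FreeBSD system the block compiles against a small bitmask stand-in that is labelled as such and is not the Capsicum API.

```c
/*
 * Added example, not code from D22993 or the FreeBSD tree: the inetd pattern
 * from the review summary. On FreeBSD the real Capsicum headers are used;
 * elsewhere a bitmask stand-in (an assumption, NOT the Capsicum API) with the
 * same call shapes lets the rights composition compile and run.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <capsicum_helpers.h>
#else
#include <stdarg.h>
typedef struct { uint64_t bits; } cap_rights_t;	/* stand-in type */
/* Stand-in right values; the real ones are opaque 64-bit encodings. */
static const uint64_t CAP_READ = 1ULL << 0, CAP_WRITE = 1ULL << 1,
    CAP_SEEK = 1ULL << 2, CAP_FSTAT = 1ULL << 3, CAP_FCNTL = 1ULL << 4,
    CAP_IOCTL = 1ULL << 5, CAP_EVENT = 1ULL << 6, CAP_LOOKUP = 1ULL << 7,
    CAP_ACCEPT = 1ULL << 8, CAP_BIND = 1ULL << 9, CAP_LISTEN = 1ULL << 10,
    CAP_SETSOCKOPT = 1ULL << 11;
/* Flag values assumed from capsicum_helpers(3). */
enum { CAPH_READ = 0x2, CAPH_WRITE = 0x4, CAPH_LOOKUP = 0x8 };

/* OR a zero-terminated list of rights into r, like the real variadic macros. */
static cap_rights_t *
shim_rights_set(cap_rights_t *r, ...)
{
	va_list ap;
	uint64_t bit;

	va_start(ap, r);
	while ((bit = va_arg(ap, uint64_t)) != 0)
		r->bits |= bit;
	va_end(ap);
	return (r);
}
#define cap_rights_set(r, ...)	shim_rights_set((r), __VA_ARGS__, (uint64_t)0)
#define cap_rights_init(r, ...)	((r)->bits = 0, cap_rights_set((r), __VA_ARGS__))

static bool
cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little)
{
	return ((big->bits & little->bits) == little->bits);
}

/* Same body as the committed helper, over the stand-in types. */
static void
caph_stream_rights(cap_rights_t *rights, int flags)
{
	cap_rights_init(rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_SEEK);
	if ((flags & CAPH_READ) != 0)
		cap_rights_set(rights, CAP_READ);
	if ((flags & CAPH_WRITE) != 0)
		cap_rights_set(rights, CAP_WRITE);
	if ((flags & CAPH_LOOKUP) != 0)
		cap_rights_set(rights, CAP_LOOKUP);
}
#endif

/* Control (listening) socket: stream rights plus what a server needs. */
void
control_socket_rights(cap_rights_t *r)
{
	caph_stream_rights(r, CAPH_READ | CAPH_WRITE);
	cap_rights_set(r, CAP_ACCEPT, CAP_BIND, CAP_LISTEN, CAP_SETSOCKOPT);
}

/* Accepted client socket: stream rights plus SETSOCKOPT only. */
void
client_socket_rights(cap_rights_t *r)
{
	caph_stream_rights(r, CAPH_READ | CAPH_WRITE);
	cap_rights_set(r, CAP_SETSOCKOPT);
}

/*
 * Invariants the summary relies on: client rights are a subset of the control
 * rights (narrowing after accept is allowed), still contain the full stream
 * rights (a child's caph_limit_stdio() can succeed), and drop server-side ops.
 */
bool
rights_are_consistent(void)
{
	cap_rights_t ctl, cli, stream, server;

	control_socket_rights(&ctl);
	client_socket_rights(&cli);
	caph_stream_rights(&stream, CAPH_READ | CAPH_WRITE);
	cap_rights_init(&server, CAP_ACCEPT, CAP_BIND, CAP_LISTEN);
	return (cap_rights_contains(&ctl, &cli) &&
	    cap_rights_contains(&cli, &stream) &&
	    !cap_rights_contains(&cli, &server));
}

int
main(void)
{
	printf("rights consistent: %s\n", rights_are_consistent() ? "yes" : "no");
	return (rights_are_consistent() ? 0 : 1);
}
```

On FreeBSD the sets built by control_socket_rights() and client_socket_rights() are applied with caph_rights_limit(fd, &rights) before the process enters capability mode. The subset check is what makes the second step safe: cap_rights_limit(2) can only remove rights from a descriptor, so the client set must be derived from the control set rather than assembled independently.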

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 28419

Event Timeline

This seems ok to me. Shouldn't caph_stream_rights() be documented?

It might also be nice to have a caph_limit_stream_rights() or whatever which uses a caller-supplied rights set and limits ioctls like caph_limit_stream() does. I'm not sure if that's really useful though.

lib/libcapsicum/capsicum_helpers.h
51

I think the backslash is not needed.

This revision is now accepted and ready to land. Jan 2 2020, 2:41 PM

LGTM.
Like @markj mentioned please add it to man page.

kevans marked an inline comment as done.

Amend capsicum_helpers(3) and remove useless escape.

This revision now requires review to proceed. Jan 2 2020, 9:30 PM
This revision is now accepted and ready to land. Jan 2 2020, 10:36 PM