Date: Mon, 29 Apr 2024 04:48:53 GMT
Message-Id: <202404290448.43T4mrnw079192@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Warner Losh Subject: git: d289382897e7 - main - rights.4: various corrections on capability rights List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d289382897e7ded566a3aa10ae535235149c4056 Auto-Submitted: auto-generated The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=d289382897e7ded566a3aa10ae535235149c4056 commit d289382897e7ded566a3aa10ae535235149c4056 Author: CismonX AuthorDate: 2024-04-29 04:48:26 +0000 Commit: Warner Losh CommitDate: 2024-04-29 04:48:31 +0000 rights.4: various corrections on capability rights - A file descriptor obtained from accept(2), accept4(2) and openat(2) is not always assigned all capability rights. Instead, it inherits capability rights from the "parent" socket/dir file descriptor. - getdents(2) and getdirentries(2) requires CAP_READ. - openat(2) with O_WRONLY|O_TRUNC does not require CAP_SEEK. Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1207 --- lib/libsys/cap_rights_limit.2 | 12 +++++++----- share/man/man4/rights.4 | 21 +++++++++++++++------ 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/lib/libsys/cap_rights_limit.2 b/lib/libsys/cap_rights_limit.2 index eca30f55ea48..8372d07f6a5c 100644 --- a/lib/libsys/cap_rights_limit.2 +++ b/lib/libsys/cap_rights_limit.2 @@ -30,7 +30,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd March 9, 2023 +.Dd April 27, 2024 .Dt CAP_RIGHTS_LIMIT 2 .Os .Sh NAME 
@@ -44,20 +44,22 @@ .Fn cap_rights_limit "int fd" "const cap_rights_t *rights" .Sh DESCRIPTION When a file descriptor is created by a function such as -.Xr accept 2 , -.Xr accept4 2 , .Xr fhopen 2 , .Xr kqueue 2 , .Xr mq_open 2 , .Xr open 2 , -.Xr openat 2 , .Xr pdfork 2 , .Xr pipe 2 , .Xr shm_open 2 , .Xr socket 2 or .Xr socketpair 2 , -it is assigned all capability rights. +it is assigned all capability rights; for +.Xr accept 2 , +.Xr accept4 2 +or +.Xr openat 2 , +it inherits capability rights from the "parent" file descriptor. Those rights can be reduced (but never expanded) by using the .Fn cap_rights_limit system call. diff --git a/share/man/man4/rights.4 b/share/man/man4/rights.4 index 2d44a1060006..3e5e18fc65d8 100644 --- a/share/man/man4/rights.4 +++ b/share/man/man4/rights.4 @@ -30,7 +30,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd March 22, 2024 +.Dd April 27, 2024 .Dt RIGHTS 4 .Os .Sh NAME @@ -38,20 +38,22 @@ .Nd Capsicum capability rights for file descriptors .Sh DESCRIPTION When a file descriptor is created by a function such as -.Xr accept 2 , -.Xr accept4 2 , .Xr fhopen 2 , .Xr kqueue 2 , .Xr mq_open 2 , .Xr open 2 , -.Xr openat 2 , .Xr pdfork 2 , .Xr pipe 2 , .Xr shm_open 2 , .Xr socket 2 or .Xr socketpair 2 , -it is assigned all capability rights. +it is assigned all capability rights; for +.Xr accept 2 , +.Xr accept4 2 +or +.Xr openat 2 , +it inherits capability rights from the "parent" file descriptor. Those rights can be reduced (but never expanded) by using the .Xr cap_rights_limit 2 , .Xr cap_fcntls_limit 2 and @@ -501,7 +503,10 @@ with the is also required), .Xr preadv 2 .Dv ( CAP_SEEK -is also required) and related system calls. +is also required), +.Xr getdents 2 , +.Xr getdirentries 2 , +and related system calls. .It Dv CAP_RECV An alias to .Dv CAP_READ . 
@@ -611,6 +616,8 @@ with the .Dv O_WRONLY flag, but without the .Dv O_APPEND +or +.Dv O_TRUNC flag, .Dv CAP_SEEK is also required. @@ -657,6 +664,8 @@ is also required. .Xr fsync 2 , .Xr ftruncate 2 , .Xr futimes 2 , +.Xr getdents 2 , +.Xr getdirentries 2 , .Xr getpeername 2 , .Xr getsockname 2 , .Xr getsockopt 2 ,
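
Review bot: In the cap_rights_limit.2 DESCRIPTION hunk (@@ -44,20 +44,22 @@), the added line `it inherits capability rights from the "parent" file descriptor.` leaves "parent" undefined. The commit message spells it out as the socket or directory file descriptor, and the page should do the same, for example by naming the listening socket passed to accept(2) or accept4(2) and the directory descriptor passed to openat(2). It should also say what applies when openat(2) is called with AT_FDCWD and there is no such descriptor to inherit from.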
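
Review bot: In the rights.4 DESCRIPTION hunk (@@ -38,20 +38,22 @@), the clause added after the semicolon (`it is assigned all capability rights; for` ... `it inherits capability rights`) hangs off a sentence that still opens with "created by a function such as", so accept(2), accept4(2) and openat(2) can be read as members of the list they were just removed from. A separate sentence, along the lines of "A file descriptor created by accept(2), accept4(2) or openat(2) instead inherits ...", would make the exception unambiguous. The identical wording in cap_rights_limit.2 would benefit from the same split.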
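
Review bot: In the rights.4 CAP_READ hunk (@@ -501,7 +503,10 @@), the new ending `.Xr getdirentries 2 ,` followed by `and related system calls.` introduces a serial comma, while the removed line read `is also required) and related system calls.` and the other lists touched by this patch (`.Xr socket 2` / `or` / `.Xr socketpair 2 ,`) have none. Dropping the trailing comma after `.Xr getdirentries 2` keeps the list style consistent.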
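
Review bot: In the rights.4 hunk at @@ -611,6 +616,8 @@, `.Dv O_APPEND` / `or` / `.Dv O_TRUNC` followed by the singular `flag,` is ambiguous: "without the O_APPEND or O_TRUNC flag" can be read as requiring CAP_SEEK whenever either one of the two flags is absent. The commit message says O_WRONLY|O_TRUNC does not require CAP_SEEK, so the intent is that either flag lifts the requirement. Wording such as "with neither O_APPEND nor O_TRUNC" would state that directly.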