git: c7a8502bdf18 - main - open.2: describe O_RESOLVE_BENEATH errors correctly
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 02 Mar 2023 20:59:21 UTC
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=c7a8502bdf187ccf035c5b29a93e34cc01346a73 commit c7a8502bdf187ccf035c5b29a93e34cc01346a73 Author: Val Packett <val@packett.cool> AuthorDate: 2023-02-19 20:14:15 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-03-02 20:58:00 +0000 open.2: describe O_RESOLVE_BENEATH errors correctly The behavior is the same as in capability mode, it does not actually return EINVAL for absolute lookups: openat(AT_FDCWD,"/tmp/test",O_RDONLY|O_DIRECTORY,00) = 3 (0x3) openat(3,"../../",O_RDONLY|0x800000,00) ERR#93 'Capabilities insufficient' openat(3,"/etc/passwd",O_RDONLY|0x800000,00) ERR#93 'Capabilities insufficient' Fixes: 1f305be43 ("Document {O,AT}_RESOLVE_BENEATH...") Reviewed by: kib, pauamma (manpages), emaste Sponsored by: https://www.patreon.com/valpackett Pull Request: https://github.com/freebsd/freebsd-src/pull/680 Differential Revision: https://reviews.freebsd.org/D38675 --- lib/libc/sys/open.2 | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2 index 876a4ce1e57d..574b6b136d39 100644 --- a/lib/libc/sys/open.2 +++ b/lib/libc/sys/open.2 @@ -28,7 +28,7 @@ .\" @(#)open.2 8.2 (Berkeley) 11/16/93 .\" $FreeBSD$ .\" -.Dd April 22, 2022 +.Dd March 2, 2023 .Dt OPEN 2 .Os .Sh NAME @@ -572,12 +572,6 @@ and .Dv O_EXEC or .Dv O_SEARCH . -.It Bq Er EINVAL -The -.Dv O_RESOLVE_BENEATH -flag is specified and -.Dv path -is absolute. .It Bq Er EBADF The .Fa path @@ -606,19 +600,32 @@ is specified and the process is in capability mode. was called and the process is in capability mode. .It Bq Er ENOTCAPABLE .Fa path -is an absolute path, -or contained a ".." component leading to a -directory outside of the directory hierarchy specified by -.Fa fd , +is an absolute path and the process is in capability mode. +.It Bq Er ENOTCAPABLE +.Fa path +is an absolute path and +.Dv O_RESOLVE_BENEATH +is specified. +.It Bq Er ENOTCAPABLE +.Fa path +contains a ".." component leading to a directory outside +of the directory hierarchy specified by +.Fa fd and the process is in capability mode. .It Bq Er ENOTCAPABLE -The +.Fa path +contains a ".." component leading to a directory outside +of the directory hierarchy specified by +.Fa fd +and .Dv O_RESOLVE_BENEATH -flag was provided, and the relative +is specified. +.It Bq Er ENOTCAPABLE .Fa path -escapes the -.Ar fd -directory. +contains a ".." component, the +.Dv vfs.lookup_cap_dotdot +.Xr sysctl 3 +is set, and the process is in capability mode. .El .Sh SEE ALSO .Xr chmod 2 ,