From nobody Thu Oct 03 11:54:40 2024 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XK98J6hfFz5YD4D for ; Thu, 03 Oct 2024 11:54:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XK98J5cfwz4M4v for ; Thu, 3 Oct 2024 11:54:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1727956480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8CyDRisH9r4j4yjkAyt6REDkJIcc5WtllXIWNGsHjdA=; b=OsDRFxJrgFBos71XprAOVqGuEhcng3HUB3UuszV2QJW9UGP/TMC0EyYviKx5iR2qavZkW/ QMT+og9/GQzX2vLDGoQcn0xOBMcwSaAHHscOIz6BS4aC+SFqDFLzppZIjOkaVI62YmImnX i0A0pU9Wb8sc69xa6aNfbMdObVzGIKYjaRfEVft2rvjDjvDqNJobJrqYPdoq6Xk+j32FHA BUyupyQwK4blx75Ox88CtsgS8hqSzriKTDVHP5dxG5IMmU2o/9v+riKIBlPCydazjC2eCK hJS0CmxxdWqtbh6Yp3fTzX9blTjJbym3p4hT4BFP9hMEcYo74tH7FZCB2M08kg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1727956480; a=rsa-sha256; cv=none; b=XmmHShSJhoq9IU5xRY+37ptBIu8rbgW9ohyx9+qQKnom386CyirsuBJG/EBD8mpxsHH8zC gIjEH0zROidVbFpirURioC6cYkcrua7Hu6hU3gw+ouscO5qDEyiqddhIWe8k0rsVI4fyOw F53/KtcauCeVLc4ZxFaACx4NCFQHZuD+ESOFdkc9FaJHaYS0u8m4clUPWJpjBlBgrw4aIG 3hb3jjiKWn4Gi9cUsECNpSSrycbO5S6y2zQqB8o4Tq1jfB9Qi0NLpPjXGvmk9kuuzut5Rx H/suXd3Ssw6FR34IZlob92FINsLlc6L3WWcLg4w5YWO2T99GVZQ+l/0j+lvQ9Q== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XK98J56gRzqJZ for ; Thu, 3 Oct 2024 11:54:40 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 493BseQR097495 for ; Thu, 3 Oct 2024 11:54:40 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 493BsesT097494 for bugs@FreeBSD.org; Thu, 3 Oct 2024 11:54:40 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 201052] [sctp] capsicum: propagate rights on sctp_peeloff Date: Thu, 03 Oct 2024 11:54:40 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: emaste@freebsd.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D201052 --- Comment #9 from Ed Maste --- The change should be similar to the one for accept(), i.e. https://github.com/freebsd/freebsd-src/commit/85b0f9de11c3988f53f899cd171b6= 85037da03a8 getsock_cap gained a new arg `struct filecaps *havecapsp` which is not used= in most cases but in kern_accept4() we pass fcaps to get the existing capabilities, and then pass that to falloc_caps to obtain the new fd. I think the diff would look like: diff --git a/sys/netinet/sctp_syscalls.c b/sys/netinet/sctp_syscalls.c index d67e260b6f99..1bd6f2707d5d 100644 --- a/sys/netinet/sctp_syscalls.c +++ b/sys/netinet/sctp_syscalls.c @@ -141,13 +141,14 @@ sys_sctp_peeloff(struct thread *td, struct sctp_peeloff_args *uap) { struct file *headfp, *nfp =3D NULL; struct socket *head, *so; + struct filecaps fcaps; cap_rights_t rights; u_int fflag; int error, fd; AUDIT_ARG_FD(uap->sd); - error =3D getsock(td, uap->sd, cap_rights_init_one(&rights, CAP_PEE= LOFF), - &headfp); + error =3D getsock_cap(td, uap->sd, + cap_rights_init_one(&rights, CAP_PEELOFF), &headfp, NULL, &fcap= s); if (error !=3D 0) goto done2; fflag =3D atomic_load_int(&headfp->f_flag); @@ -165,7 +166,7 @@ sys_sctp_peeloff(struct thread *td, struct sctp_peeloff_args *uap) * but that is ok. */ - error =3D falloc(td, &nfp, &fd, 0); + error =3D falloc_cap(td, &nfp, &fd, 0, &fcaps); if (error !=3D 0) goto done; td->td_retval[0] =3D fd; --=20 You are receiving this mail because: You are the assignee for the bug.=