Re: Limiting Capsicum capabilities rights [RESOLVED]
Date: Tue, 20 Feb 2024 01:53:15 UTC
On Tuesday, February 13th, 2024 at 11:22 AM, Jonathan Adams <jfadams1963@proton.me> wrote:

> As I say, this all works fine. But if I add in the following declaration and calls to set and limit rights, it fails; clearly too restrictive:
>
> ----------
> cap_rights_t rights;
> ...
> // Set rights on directory fd
> cap_rights_init(&rights, CAP_LOOKUP, CAP_CREATE, CAP_PREAD, \
>     CAP_PWRITE, CAP_FCHMOD);
> cap_rights_limit(dirfd, &rights);
> ----------

For posterity's sake, the missing right in cap_rights_init() was CAP_FCNTL.

I finally found the answer in Mariusz Zaborski's 2018 article "Capsicum: Just Apply Me!" The relevant text is from his example of Capsicumizing cmp(1):

    cmp(1) is working on two descriptors fd1 and fd2 and both have
    capability CAP_FSTAT and CAP_FCNTL, which respectively allow us to
    get a file status using the fstat(2) function and fcntl(2) for file
    control. (The cmp(1) uses the fdopen(3) function that requires
    fcntl(F_GETFL)).

- Jonathan

____________________________________________
"Before Turing, things were done to numbers. After Turing, numbers began doing things" - George Dyson
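An added, stand-alone example (not code from the thread, nor from Mariusz Zaborski's article) that shows the corrected rights list in context: the directory descriptor is limited, capability mode is entered, a file is opened relative to that descriptor and wrapped with fdopen(3). With CAP_FCNTL present the round trip succeeds; with the thread's original list, fdopen() fails on FreeBSD because its fcntl(F_GETFL) call is refused. The sample text, the temporary-directory layout, the extra CAP_FSTAT and CAP_UNLINKAT rights (for stdio's buffer sizing and for cleanup), the narrowing of fcntl(2) to F_GETFL via cap_fcntls_limit(2), and the build guard that compiles the Capsicum calls out on other systems are all my assumptions for this example.

```c
/* Added example (not from the thread): limit a directory descriptor's
 * Capsicum rights, enter capability mode, openat(2) a file relative to it
 * and wrap it with fdopen(3). Builds on FreeBSD; elsewhere the Capsicum
 * calls are compiled out so the stdio logic can still be exercised. */
#ifdef __FreeBSD__
#define HAVE_CAPSICUM 1
#else
#define _GNU_SOURCE 1   /* glibc: declare mkdtemp(3), fdopen(3), openat(2) */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_CAPSICUM
#include <sys/capsicum.h>
#endif

/* Constructed sample text written and read back through the stream. */
static const char SAMPLE[] = "hello from a rights-limited descriptor\n";

/* Limit dirfd to what this program needs; files opened with openat(2)
 * relative to dirfd inherit the limits. CAP_FSTAT covers stdio's buffer
 * sizing, CAP_UNLINKAT the cleanup. With with_fcntl == 0 the list omits
 * CAP_FCNTL, the omission that broke the original program; otherwise
 * CAP_FCNTL is added and fcntl(2) is narrowed to F_GETFL, the single
 * command fdopen(3) issues. Returns 0 on success, -1 with errno set. */
static int limit_dir_rights(int dirfd, int with_fcntl)
{
#ifdef HAVE_CAPSICUM
    cap_rights_t rights;

    cap_rights_init(&rights, CAP_LOOKUP, CAP_CREATE, CAP_PREAD, CAP_PWRITE,
        CAP_FCHMOD, CAP_FSTAT, CAP_UNLINKAT);
    if (with_fcntl)
        cap_rights_set(&rights, CAP_FCNTL);
    if (cap_rights_limit(dirfd, &rights) < 0)
        return -1;
    if (with_fcntl && cap_fcntls_limit(dirfd, CAP_FCNTL_GETFL) < 0)
        return -1;
#else
    (void)dirfd;
    (void)with_fcntl;
#endif
    return 0;
}

/* Enter capability mode when asked; a no-op where Capsicum is absent. */
static int enter_if(int enter_sandbox)
{
#ifdef HAVE_CAPSICUM
    return enter_sandbox ? cap_enter() : 0;
#else
    (void)enter_sandbox;
    return 0;
#endif
}

/* Create `name` under dirfd, write SAMPLE through a stdio stream and read
 * it back. Returns 1 on a match, 0 on mismatch, -1 on any failure; on
 * FreeBSD fdopen() fails with ENOTCAPABLE when CAP_FCNTL is missing. */
static int roundtrip(int dirfd, const char *name)
{
    char buf[sizeof(SAMPLE)];
    int fd = openat(dirfd, name, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    FILE *fp = fdopen(fd, "w+");          /* issues fcntl(F_GETFL) */
    if (fp == NULL) {
        close(fd);
        return -1;
    }
    if (fputs(SAMPLE, fp) == EOF || fflush(fp) != 0 ||
        fseek(fp, 0, SEEK_SET) != 0) {
        fclose(fp);
        return -1;
    }
    size_t n = fread(buf, 1, sizeof(buf) - 1, fp);
    buf[n] = '\0';
    fclose(fp);                           /* closes fd as well */
    return strcmp(buf, SAMPLE) == 0;
}

/* Whole sequence in a fresh directory under /tmp: limit rights, optionally
 * enter capability mode, run the round trip, clean up. Returns the
 * roundtrip() result, or -1 if setup failed. */
int demo(int with_fcntl, int enter_sandbox)
{
    char dir[] = "/tmp/capsicum-demo.XXXXXX";
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dirfd >= 0 && limit_dir_rights(dirfd, with_fcntl) == 0 &&
        enter_if(enter_sandbox) == 0) {
        result = roundtrip(dirfd, "data.txt");
        unlinkat(dirfd, "data.txt", 0);   /* needs CAP_UNLINKAT on dirfd */
    }
    if (dirfd >= 0)
        close(dirfd);
    rmdir(dir);   /* path-based, so it fails with ECAPMODE once sandboxed */
    return result;
}

int main(void)
{
    printf("with CAP_FCNTL:    %d\n", demo(1, 0));
    printf("without CAP_FCNTL: %d\n", demo(0, 0));   /* -1 on FreeBSD */
    printf("sandboxed:         %d\n", demo(1, 1));   /* run last: no way back */
    return 0;
}
```

Note that cap_rights_limit(2) is enforced on the descriptor whether or not the process has called cap_enter(2), which is why demo(0, 0) already reproduces the failure on FreeBSD; the sandboxed run comes last because the process cannot leave capability mode, and the temporary directory it creates cannot be removed by path afterwards.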