bindat(2) and connectat(2) syscalls for review.

Jilles Tjoelker jilles at stack.nl
Wed Feb 13 23:19:46 UTC 2013


On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote:
> I'd like to commit the following patch:

> 	http://people.freebsd.org/~pjd/patches/bindconnectat.patch

> It implements bindat(2) and connectat(2) syscalls that will allow to
> manage UNIX domain sockets from within capability mode sandbox.

> They work just like any other *at(2) syscall and their prototypes look
> like this:

> 	int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> 	int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);

> Where 'fd' is directory descriptor. The only supported socket domain is
> PF_LOCAL.

> The audit subsystem was updated to audit the new syscalls properly.

These calls are inherently limited to PF_LOCAL anyway, so why not go a
bit further and accept a pathname instead of a struct sockaddr_un that
has an arbitrary limit of 104 bytes? This appears possible because new
usrreqs were created.

Can the "XXXRW: Revisit this" comments before #bind and #connect in
sys/kern/capabilities.conf go away now?

-- 
Jilles Tjoelker


More information about the freebsd-arch mailing list