bindat(2) and connectat(2) syscalls for review.
Jilles Tjoelker
jilles at stack.nl
Wed Feb 13 23:19:46 UTC 2013
On Thu, Feb 14, 2013 at 12:03:54AM +0100, Pawel Jakub Dawidek wrote:
> I'd like to commit the following patch:
> http://people.freebsd.org/~pjd/patches/bindconnectat.patch
> It implements bindat(2) and connectat(2) syscalls that will allow managing
> UNIX domain sockets from within a capability mode sandbox.
> They work just like any other *at(2) syscall and their prototypes look
> like this:
> int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> int connectat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
> Where 'fd' is a directory descriptor. The only supported socket domain is
> PF_LOCAL.
> The audit subsystem was updated to audit the new syscalls properly.
These calls are inherently limited to PF_LOCAL anyway, so why not go a
bit further and accept a pathname instead of a struct sockaddr_un that
has an arbitrary limit of 104 bytes? This appears possible because new
usrreqs were created.
Can the "XXXRW: Revisit this" comments before #bind and #connect in
sys/kern/capabilities.conf go away now?
--
Jilles Tjoelker
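Added example, not code from the patch or from either poster: it builds the sockaddr_un that bindat(2) takes, with a name interpreted relative to a directory descriptor, and rejects names that do not fit the fixed sun_path limit the reply questions. It assumes the caller opened the directory with O_DIRECTORY; the bindat(2) call itself is only compiled on FreeBSD.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Build the PF_LOCAL address for `name`, interpreted relative to the
 * directory descriptor later handed to bindat()/connectat(). Returns the
 * address length to pass to those calls, or -1 with errno=ENAMETOOLONG when
 * the name does not fit sun_path (104 bytes on FreeBSD, the fixed limit). */
int make_local_addr(const char *name, struct sockaddr_un *sun)
{
    size_t len = strlen(name);
    if (len == 0 || len >= sizeof(sun->sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memset(sun, 0, sizeof(*sun));
    sun->sun_family = AF_LOCAL;
    memcpy(sun->sun_path, name, len); /* memset left the terminating NUL */
    return (int)(offsetof(struct sockaddr_un, sun_path) + len + 1);
}

/* Create a stream socket bound to `name` inside the directory `dirfd`, the
 * bindat(2) usage the patch describes: the path is resolved from dirfd, so
 * it keeps working after cap_enter(2). Returns the socket, or -1 with errno
 * set. Only FreeBSD has bindat(2); elsewhere this reports ENOSYS. */
int bind_in_dir(int dirfd, const char *name)
{
    struct sockaddr_un sun;
    int len = make_local_addr(name, &sun);
    if (len < 0)
        return -1;
    int s = socket(PF_LOCAL, SOCK_STREAM, 0);
    if (s < 0)
        return -1;
#ifdef __FreeBSD__
    if (bindat(dirfd, s, (struct sockaddr *)&sun, (socklen_t)len) == 0)
        return s;
#else
    (void)dirfd;
    errno = ENOSYS;
#endif
    int saved = errno;
    close(s);
    errno = saved;
    return -1;
}
```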