Capsicum and sendto(2)

Brooks Davis brooks at freebsd.org
Tue Jan 21 18:31:43 UTC 2014


On Tue, Jan 21, 2014 at 10:45:11PM +0900, KAMADA Ken'ichi wrote:
> Hi,
> 
> What is the intended behavior of sendto() with non-NULL destination
> when the capability mode is enabled?
> 
> If the capability mode is *not* enabled, it is checked against
> CAP_CONNECT in kern_sendit() @ uipc_syscall.c.
> This matches the explanation in the rights(4) manual page.
> 
> However, if the capability mode is enabled, it is always
> rejected in sendit().  Is this intended?

Yes, this is intended.  In capability mode all access to namespaces is
restricted including the IP address namespace.  You must either connect
your sockets before entering capability mode or use casper to provide
connected sockets.

-- Brooks
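
The first option in the reply, connecting the socket before entering capability mode, shown as an added example that is not part of the original thread. The helper name, the result struct and the loopback receiver are constructed for illustration; outside FreeBSD the cap_enter() step is compiled out, so only the connected send is exercised there.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

struct result { int sandboxed; ssize_t sent; int sendto_errno; };

/* Hypothetical helper; the peer is a constructed loopback UDP receiver. */
int capmode_send_demo(struct result *r)
{
    const char msg[] = "hello";
    struct sockaddr_in dst;
    socklen_t len = sizeof(dst);
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);

    memset(&dst, 0, sizeof(dst));
    dst.sin_family = AF_INET;
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (rx < 0 || tx < 0 ||
        bind(rx, (struct sockaddr *)&dst, sizeof(dst)) < 0 ||
        getsockname(rx, (struct sockaddr *)&dst, &len) < 0 ||
        /* Name the peer while the IP address namespace is still reachable. */
        connect(tx, (struct sockaddr *)&dst, sizeof(dst)) < 0)
        return -1;

    r->sandboxed = 0;
#ifdef __FreeBSD__
    if (cap_enter() < 0) return -1;
    r->sandboxed = 1;
#endif
    /* No destination argument: works on the pre-connected socket. */
    r->sent = send(tx, msg, sizeof(msg), 0);
    /* Explicit destination: rejected with ECAPMODE once in capability mode. */
    r->sendto_errno = sendto(tx, msg, sizeof(msg), 0,
        (struct sockaddr *)&dst, sizeof(dst)) < 0 ? errno : 0;
    close(rx); close(tx);
    return 0;
}

int main(void)
{
    struct result r;
    if (capmode_send_demo(&r) != 0) { perror("setup"); return 1; }
    printf("sandboxed=%d send()=%zd sendto() errno=%d (%s)\n", r.sandboxed,
        r.sent, r.sendto_errno, r.sendto_errno ? strerror(r.sendto_errno) : "ok");
    return 0;
}
```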