svn commit: r318634 - in head/sys: compat/freebsd32 kern
Ed Maste
emaste at FreeBSD.org
Mon May 22 11:43:20 UTC 2017
Author: emaste
Date: Mon May 22 11:43:19 2017
New Revision: 318634
URL: https://svnweb.freebsd.org/changeset/base/318634
Log:
disallow open(2) in capability mode
Previously open(2) was allowed in capability mode, with a comment that
suggested this was likely the case to facilitate debugging. The system
call would still fail later on, but it's better to disallow the syscall
altogether.
We now have the kern.trap_enotcap sysctl or PROC_TRAPCAP_CTL proccontrol
to aid in debugging.
In any case libc has translated open() to the openat syscall since
r277032.
Reviewed by: kib, rwatson
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D10850
Modified:
head/sys/compat/freebsd32/capabilities.conf
head/sys/kern/capabilities.conf
Modified: head/sys/compat/freebsd32/capabilities.conf
==============================================================================
--- head/sys/compat/freebsd32/capabilities.conf Mon May 22 11:41:17 2017 (r318633)
+++ head/sys/compat/freebsd32/capabilities.conf Mon May 22 11:43:19 2017 (r318634)
@@ -188,7 +188,6 @@ renameat
symlinkat
unlinkat
freebsd32_utimensat
-open
pdfork
pdgetpid
pdkill
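Review bot: the freebsd32 list loses only the bare `open` line between `freebsd32_utimensat` and `pdfork`; unlike the native list it carried no explanatory comment, so nothing else needs to go and the two files end up consistent. Worth stating in the log for 32-bit consumers: a process that still issues the raw open syscall in capability mode fails exactly as before, just at syscall entry rather than later inside the call, so what is lost is only the audit record of the attempt that the native file's comment gave as the reason for allowing entry.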
Modified: head/sys/kern/capabilities.conf
==============================================================================
--- head/sys/kern/capabilities.conf Mon May 22 11:41:17 2017 (r318633)
+++ head/sys/kern/capabilities.conf Mon May 22 11:43:19 2017 (r318634)
@@ -460,14 +460,6 @@ unlinkat
utimensat
##
-## Allow entry into open(2). This system call will fail, since access to the
-## global file namespace has been disallowed, but allowing entry into the
-## syscall means that an audit trail will be generated (which is also very
-## useful for debugging).
-##
-open
-
-##
## Process descriptor-related system calls are allowed.
##
pdfork
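Review bot: with the whole comment block at lines 460-467 removed, capabilities.conf no longer records why open(2) is absent or that the allow-for-audit rationale was retired in favour of kern.trap_enotcap and PROC_TRAPCAP_CTL; that reasoning now survives only in the commit log. Suggest leaving a short note in place of the removed block, e.g. `## open(2) is not permitted in capability mode; use openat(2) with a directory descriptor.` and `## Debug denied calls with kern.trap_enotcap or PROC_TRAPCAP_CTL.`, so a future reader does not re-add `open` for debugging.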