Date: Tue, 21 Jan 2014 22:45:11 +0900 From: KAMADA Ken'ichi <kamada@nanohz.org> To: freebsd-security@freebsd.org Subject: Capsicum and sendto(2) Message-ID: <20140121224511WQ%kamada@nanohz.org>
next in thread | raw e-mail | index | archive | help
Hi, What is the intended behavior of sendto() with non-NULL destination when the capability mode is enabled? If the capability mode is *not* enabled, it is checked against CAP_CONNECT in kern_sendit() @ uipc_syscall.c. This matches the explanation in the rights(4) manual page. However, if the capability mode is enabled, it is always rejected in sendit(). Is this intended? Best regards, Ken
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140121224511WQ%kamada>