From owner-freebsd-security@FreeBSD.ORG Tue Jan 21 13:46:35 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 40ED9336 for ; Tue, 21 Jan 2014 13:46:35 +0000 (UTC) Received: from shiki.nanohz.org (shiki.nanohz.org [IPv6:2001:e41:31d4:86d6::1]) by mx1.freebsd.org (Postfix) with ESMTP id 115531EB9 for ; Tue, 21 Jan 2014 13:46:35 +0000 (UTC) Received: from shiki.nanohz.org (localhost [IPv6:::1]) by shiki.nanohz.org (Postfix) with ESMTP id 953492280A5 for ; Tue, 21 Jan 2014 22:45:11 +0900 (JST) Received: from hisa.nanohz.org by shiki.nanohz.org (smtpsugar 1.1) with ESMTPA id 4eYW7N; Tue, 21 Jan 2014 22:45:11 +0900 (JST) Date: Tue, 21 Jan 2014 22:45:11 +0900 Message-ID: <20140121224511WQ%kamada@nanohz.org> From: KAMADA Ken'ichi To: freebsd-security@freebsd.org Subject: Capsicum and sendto(2) User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 Emacs/24.3 (x86_64-unknown-netbsd6) MULE/6.0 (HANACHIRUSATO) MIME-Version: 1.0 (generated by SEMI 1.14.7 - "Harue") Content-Type: text/plain; charset=US-ASCII X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Jan 2014 13:46:35 -0000 Hi, What is the intended behavior of sendto() with non-NULL destination when the capability mode is enabled? If the capability mode is *not* enabled, it is checked against CAP_CONNECT in kern_sendit() @ uipc_syscall.c. This matches the explanation in the rights(4) manual page. However, if the capability mode is enabled, it is always rejected in sendit(). Is this intended? Best regards, Ken