Date: Tue, 21 Jan 2014 12:21:50 -0600
From: Brooks Davis
To: "KAMADA Ken'ichi"
Cc: freebsd-security@freebsd.org
Subject: Re: Capsicum and sendto(2)
Message-ID: <20140121182150.GB80341@lor.one-eyed-alien.net>
In-Reply-To: <20140121224511WQ%kamada@nanohz.org>

On Tue, Jan 21, 2014 at 10:45:11PM +0900, KAMADA Ken'ichi wrote:
> Hi,
>
> What is the intended behavior of sendto() with non-NULL destination
> when the capability mode is enabled?
>
> If the capability mode is *not* enabled, it is checked against
> CAP_CONNECT in kern_sendit() @ uipc_syscall.c.
> This matches the explanation in the rights(4) manual page.
>
> However, if the capability mode is enabled, it is always
> rejected in sendit(). Is this intended?

Yes, this is intended.  In capability mode all access to namespaces is
restricted including the IP address namespace.  You must either connect
your sockets before entering capability mode or use casper to provide
connected sockets.

-- Brooks
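
The connect-before-cap_enter() pattern described in the reply above, as an added example that is not part of the original message or of FreeBSD's own code. The function names `connect_then_sandbox` and `demo_roundtrip` and the loopback receiver are constructed for illustration; `cap_enter()` is only compiled in on FreeBSD, and on other systems the sandboxing step is skipped.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Hypothetical helper: fix the peer with connect(), then sandbox. Returns fd or -1. */
int connect_then_sandbox(const struct sockaddr_in *dst)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0)
        return -1;
    /* The destination is named now, while the IP address namespace is reachable. */
    int rc = connect(s, (const struct sockaddr *)dst, sizeof(*dst));
#ifdef __FreeBSD__
    if (rc == 0)
        rc = cap_enter();   /* irreversible for this process */
#endif
    if (rc < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Constructed loopback round trip: returns 0 if the datagram arrives intact. */
int demo_roundtrip(void)
{
    struct sockaddr_in a;
    socklen_t alen = sizeof(a);
    char buf[16] = {0};
    int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = -1, ok = -1;
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (rx >= 0 && bind(rx, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        getsockname(rx, (struct sockaddr *)&a, &alen) == 0)
        tx = connect_then_sandbox(&a);
    /* send() carries no destination, so nothing names an address after sandboxing. */
    if (tx >= 0 && send(tx, "ping", 4, 0) == 4 && recv(rx, buf, sizeof(buf), 0) == 4)
        ok = memcmp(buf, "ping", 4) ? -1 : 0;
    if (tx >= 0)
        close(tx);
    if (rx >= 0)
        close(rx);
    return ok;
}
```

Because `cap_enter()` cannot be undone, a real program would call the helper only after every socket it needs has been connected.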