Date:      Thu, 24 Jan 2008 09:03:42 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 133988 for review
Message-ID:  <200801240903.m0O93gfp013778@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=133988

Change 133988 by rwatson@rwatson_freebsd_capabilities on 2008/01/24 09:02:44

	Update comments.  We now have cap_enter(2) but it needs more work
	as it doesn't mask sysctls.

Affected files ...

.. //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#6 edit

Differences ...

==== //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#6 (text+ko) ====

@@ -48,17 +48,21 @@
  *   descriptors and may need adapting.
  * - UNIX domain socket passing of file descriptors will likely need work,
  *   especially relating to garbage collection.
- * - There is currently no way to prevent system calls from accessing objects
- *   other than via capabilities.
  * - The list of capability rights is probably inadequate.
  * - Should there be a privilege to expand capability rights?
  * - Should different underlying object sets have different valid capability
  *   rights?  I.e., CAP_SOCK_*, CAP_VNODE_*, etc?
- * - cap_enter(2) is not implemented.
+ * - Need a way to mask system calls based on capability mode and only allow
+ *   approved system calls.  A flag in syscalls.master?
+ * - Need to refine access control on sysctl infrastructe sysctls, such as
+ *   name lookup.
+ * - masking in fo_read/fo_write/etc is undesirable because really we want
+ *   only the original file to be used, as it might have state (cred, flags,
+ *   etc) that should be used instead.  seekable is a particular issue.
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#5 $");
+__FBSDID("$P4: //depot/projects/trustedbsd/capabilities/src/sys/kern/sys_capability.c#6 $");
 
 #include <sys/param.h>
 #include <sys/capability.h>
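Review bot: the added TODO item "Need to refine access control on sysctl infrastructe sysctls" has a typo; suggest "sysctl infrastructure sysctls". In the same block, the new item "masking in fo_read/fo_write/etc is undesirable ..." starts in lower case while every other list item in this comment is capitalized; suggest "Masking in fo_read/fo_write/etc. is undesirable". On substance, the removed item "There is currently no way to prevent system calls from accessing objects other than via capabilities" still holds until the new "Need a way to mask system calls based on capability mode" item is resolved (the commit message itself says cap_enter(2) does not yet mask sysctls), so consider folding its wording into the new item rather than dropping it, so the comment does not read as if that gap were closed.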