Date: Sat, 24 Oct 2015 22:45:11 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-arm@FreeBSD.org Subject: [Bug 204008] Feature request: Enable Capsicum/CAPABILITIES on Beaglebone and ARM/* Message-ID: <bug-204008-7@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204008 Bug ID: 204008 Summary: Feature request: Enable Capsicum/CAPABILITIES on Beaglebone and ARM/* Product: Base System Version: 11.0-CURRENT Hardware: arm OS: Any Status: New Severity: Affects Many People Priority: --- Component: arm Assignee: freebsd-arm@FreeBSD.org Reporter: sega01@go-beyond.org Hi, First off, I apologize if this is not the correct place to report such things. If it's not, please let me know and I'll create it elsewhere. Beaglebone and possibly most ARM boards seem to not have CAPABILITIES enabled. Would it be reasonable to turn it on by default, especially for FreeBSD 11? Additionally, the behavior is strange. If the program calls cap_enter() it is not killed, it silently proceeds and you can only tell that it's not working by the effect of the program (putting cap_enter() before open(), for instance), or watching it with truss. It seems slightly misleading from a security standpoint that way. So this request goes two ways. First: If Capsicum is not supported, should the program be killed if it tries to use Capsicum? Second: Should Capsicum be turned on by default on the ARMv6 branch? Thank you, Teran -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-204008-7>