Date: Mon, 8 Sep 2014 16:28:23 -0400 From: Patrick Kelsey <pkelsey@freebsd.org> To: current@freebsd.org Cc: George Neville-Neil <gnn@freebsd.org> Subject: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient Message-ID: <CAD44qMWgWn_OZ1i0Jy2WTLY=YAai%2B6-_Bq24QN-AjD9iYJ2JOA@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
--001a11c37b0a1b4cf9050293a9e1 Content-Type: text/plain; charset=UTF-8 In r268997, _ftello() was modified to use _fcntl(F_GETFL) in the non-append, write-only path. Consequently, programs that use _ftello() (via ftell, fgetpos, fsetpos, fseek, rewind...) on non-append, write-only files and that use capsicum to restrict capabilities on the associated fds to [CAP_SEEK, CAP_WRITE] broke as all ftell() (and friends) calls on those files fail with ENOTCAPABLE due to lack of CAP_FCNTL rights. There appear to be only two affected programs in the tree - tcpdump and dhclient. This affects both CURRENT and 10-STABLE (including 10.1-PRERELEASE) tcpdump, when configured to write to capture files rotated by size, fails to rotate and captures indefinitely to the first file in the series. This can be reproduced by a command such as: tcpdump -i <ifname> -C 1 -W 2 -w packets -v By inspection, dhclient will fail to trim old data from its client leases file when rewriting that file with a lesser amount of data than it currently contains. See the ftruncate() call in dhclient.c:rewrite_client_leases(). The attached patch adds CAP_FCNTL to the limited rights established for non-append, write-only files used by tcpdump and dhclient. It also restricts the fcntl rights to CAP_FCNTL_GETFL. The current need to have CAP_FCNTL rights in order to get or set the file position on non-append, write-only files is subtle. Perhaps part of the answer is to define a CAP_FSEEK right in sys/capability.h that resolves to CAP_SEEK|CAP_FCNTL, or to modify the CAP_SEEK description in rights(4) to note the need for CAP_FCNTL when using ftell() and friends. -Patrick --001a11c37b0a1b4cf9050293a9e1 Content-Type: application/octet-stream; name="ftell_cap_rights.patch" Content-Disposition: attachment; filename="ftell_cap_rights.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_hzu8nnfx0 SW5kZXg6IGNvbnRyaWIvdGNwZHVtcC90Y3BkdW1wLmMKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gY29udHJpYi90 Y3BkdW1wL3RjcGR1bXAuYwkocmV2aXNpb24gMjcxMjgxKQorKysgY29udHJpYi90Y3BkdW1wL3Rj cGR1bXAuYwkod29ya2luZyBjb3B5KQpAQCAtMTU2NiwxMSArMTU2NiwxNSBAQAogCQlpZiAocCA9 PSBOVUxMKQogCQkJZXJyb3IoIiVzIiwgcGNhcF9nZXRlcnIocGQpKTsKICNpZmRlZiBfX0ZyZWVC U0RfXwotCQljYXBfcmlnaHRzX2luaXQoJnJpZ2h0cywgQ0FQX1NFRUssIENBUF9XUklURSk7CisJ CWNhcF9yaWdodHNfaW5pdCgmcmlnaHRzLCBDQVBfU0VFSywgQ0FQX0ZDTlRMLCBDQVBfV1JJVEUp OwogCQlpZiAoY2FwX3JpZ2h0c19saW1pdChmaWxlbm8ocGNhcF9kdW1wX2ZpbGUocCkpLCAmcmln aHRzKSA8IDAgJiYKIAkJICAgIGVycm5vICE9IEVOT1NZUykgewogCQkJZXJyb3IoInVuYWJsZSB0 byBsaW1pdCBkdW1wIGRlc2NyaXB0b3IiKTsKIAkJfQorCQlpZiAoY2FwX2ZjbnRsc19saW1pdChm aWxlbm8ocGNhcF9kdW1wX2ZpbGUocCkpLCBDQVBfRkNOVExfR0VURkwpIDwgMCAmJgorCQkgICAg ZXJybm8gIT0gRU5PU1lTKSB7CisJCQllcnJvcigidW5hYmxlIHRvIGxpbWl0IGR1bXAgZGVzY3Jp cHRvciBmY250bHMiKTsKKwkJfQogI2VuZGlmCiAJCWlmIChDZmxhZyAhPSAwIHx8IEdmbGFnICE9 IDApIHsKICNpZmRlZiBfX0ZyZWVCU0RfXwpAQCAtMTk5NCwxMSArMTk5OCwxNSBAQAogCQkJaWYg KGR1bXBfaW5mby0+cCA9PSBOVUxMKQogCQkJCWVycm9yKCIlcyIsIHBjYXBfZ2V0ZXJyKHBkKSk7 CiAjaWZkZWYgX19GcmVlQlNEX18KLQkJCWNhcF9yaWdodHNfaW5pdCgmcmlnaHRzLCBDQVBfU0VF SywgQ0FQX1dSSVRFKTsKKwkJCWNhcF9yaWdodHNfaW5pdCgmcmlnaHRzLCBDQVBfU0VFSywgQ0FQ X0ZDTlRMLCBDQVBfV1JJVEUpOwogCQkJaWYgKGNhcF9yaWdodHNfbGltaXQoZmlsZW5vKHBjYXBf ZHVtcF9maWxlKGR1bXBfaW5mby0+cCkpLAogCQkJICAgICZyaWdodHMpIDwgMCAmJiBlcnJubyAh PSBFTk9TWVMpIHsKIAkJCQllcnJvcigidW5hYmxlIHRvIGxpbWl0IGR1bXAgZGVzY3JpcHRvciIp OwogCQkJfQorCQkJaWYgKGNhcF9mY250bHNfbGltaXQoZmlsZW5vKHBjYXBfZHVtcF9maWxlKGR1 bXBfaW5mby0+cCkpLAorCQkJICAgIENBUF9GQ05UTF9HRVRGTCkgPCAwICYmIGVycm5vICE9IEVO T1NZUykgeworCQkJCWVycm9yKCJ1bmFibGUgdG8gbGltaXQgZHVtcCBkZXNjcmlwdG9yIGZjbnRs cyIpOworCQkJfQogI2VuZGlmCiAJCX0KIAl9CkBAIC0yMDU1LDExICsyMDYzLDE1IEBACiAJCWlm IChkdW1wX2luZm8tPnAgPT0gTlVMTCkKIAkJCWVycm9yKCIlcyIsIHBjYXBfZ2V0ZXJyKHBkKSk7 CiAjaWZkZWYgX19GcmVlQlNEX18KLQkJY2FwX3JpZ2h0c19pbml0KCZyaWdodHMsIENBUF9TRUVL LCBDQVBfV1JJVEUpOworCQljYXBfcmlnaHRzX2luaXQoJnJpZ2h0cywgQ0FQX1NFRUssIENBUF9G Q05UTCwgQ0FQX1dSSVRFKTsKIAkJaWYgKGNhcF9yaWdodHNfbGltaXQoZmlsZW5vKHBjYXBfZHVt cF9maWxlKGR1bXBfaW5mby0+cCkpLAogCQkgICAgJnJpZ2h0cykgPCAwICYmIGVycm5vICE9IEVO T1NZUykgewogCQkJZXJyb3IoInVuYWJsZSB0byBsaW1pdCBkdW1wIGRlc2NyaXB0b3IiKTsKIAkJ fQorCQlpZiAoY2FwX2ZjbnRsc19saW1pdChmaWxlbm8ocGNhcF9kdW1wX2ZpbGUoZHVtcF9pbmZv LT5wKSksCisJCSAgICBDQVBfRkNOVExfR0VURkwpIDwgMCAmJiBlcnJubyAhPSBFTk9TWVMpIHsK KwkJCWVycm9yKCJ1bmFibGUgdG8gbGltaXQgZHVtcCBkZXNjcmlwdG9yIGZjbnRscyIpOworCQl9 CiAjZW5kaWYKIAl9CiAKSW5kZXg6IHNiaW4vZGhjbGllbnQvZGhjbGllbnQuYwo9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 Ci0tLSBzYmluL2RoY2xpZW50L2RoY2xpZW50LmMJKHJldmlzaW9uIDI3MTI4MSkKKysrIHNiaW4v ZGhjbGllbnQvZGhjbGllbnQuYwkod29ya2luZyBjb3B5KQpAQCAtMTg0NiwxMSArMTg0NiwxNSBA QAogCQlpZiAoIWxlYXNlRmlsZSkKIAkJCWVycm9yKCJjYW4ndCBjcmVhdGUgJXM6ICVtIiwgcGF0 aF9kaGNsaWVudF9kYik7CiAJCWNhcF9yaWdodHNfaW5pdCgmcmlnaHRzLCBDQVBfRlNUQVQsIENB UF9GU1lOQywgQ0FQX0ZUUlVOQ0FURSwKLQkJICAgIENBUF9TRUVLLCBDQVBfV1JJVEUpOworCQkg ICAgQ0FQX1NFRUssIENBUF9GQ05UTCwgQ0FQX1dSSVRFKTsKIAkJaWYgKGNhcF9yaWdodHNfbGlt aXQoZmlsZW5vKGxlYXNlRmlsZSksICZyaWdodHMpIDwgMCAmJgogCQkgICAgZXJybm8gIT0gRU5P U1lTKSB7CiAJCQllcnJvcigiY2FuJ3QgbGltaXQgbGVhc2UgZGVzY3JpcHRvcjogJW0iKTsKIAkJ fQorCQlpZiAoY2FwX2ZjbnRsc19saW1pdChmaWxlbm8obGVhc2VGaWxlKSwgQ0FQX0ZDTlRMX0dF VEZMKSA8IDAgJiYKKwkJICAgIGVycm5vICE9IEVOT1NZUykgeworCQkJZXJyb3IoImNhbid0IGxp bWl0IGxlYXNlIGRlc2NyaXB0b3IgZmNudGxzOiAlbSIpOworCQl9CiAJfSBlbHNlIHsKIAkJZmZs dXNoKGxlYXNlRmlsZSk7CiAJCXJld2luZChsZWFzZUZpbGUpOwo= --001a11c37b0a1b4cf9050293a9e1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD44qMWgWn_OZ1i0Jy2WTLY=YAai%2B6-_Bq24QN-AjD9iYJ2JOA>