From owner-freebsd-current@FreeBSD.ORG Mon Sep 8 20:28:27 2014 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5D6F02F9; Mon, 8 Sep 2014 20:28:27 +0000 (UTC) Received: from mail-la0-x229.google.com (mail-la0-x229.google.com [IPv6:2a00:1450:4010:c03::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6C16817F0; Mon, 8 Sep 2014 20:28:26 +0000 (UTC) Received: by mail-la0-f41.google.com with SMTP id s18so6747443lam.14 for ; Mon, 08 Sep 2014 13:28:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:date:message-id:subject:from:to:cc:content-type; bh=kaardGWx9llgO942CmQLZNq60BZk1Mbtq501/lNKuBc=; b=OwiUDzq3nrOdjPo2sbJ5MN6IKFe3Nj6o5/kSU6WG1ldfyNjxRLwdd7ZPZRo0O3PbWO WWkP4VwScQqBXSERCFOMnoK6jw2PBiJOEUgPH1pa5tBj/KZe6j3/A60PnXxCd+EthdFI /kxArFcQAEP1h4JnXrtwDCkWuyUGyK/S/sNCkLSQpdkYlIDnEUcfGmLP/R5J9hnVTDW9 plc5dnkAdtqQLO+YLIbKPWHBghbXSJ8o8gLW/Qq4xJ/Frs6IrKc26Pns5o2VFheRzMLy eg0EDcth1x4e/8xI4BZhqgmThXeq22upNEzjXh9hai2YyqVPOwuDWRHs+z38gymP8fpf oAEw== MIME-Version: 1.0 X-Received: by 10.112.14.33 with SMTP id m1mr30164019lbc.16.1410208104122; Mon, 08 Sep 2014 13:28:24 -0700 (PDT) Sender: pkelsey@gmail.com Received: by 10.112.58.164 with HTTP; Mon, 8 Sep 2014 13:28:23 -0700 (PDT) Date: Mon, 8 Sep 2014 16:28:23 -0400 X-Google-Sender-Auth: ux8WdKMBnXOwaORB_88CXCGmcqQ Message-ID: Subject: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient From: Patrick Kelsey To: current@freebsd.org Content-Type: multipart/mixed; boundary=001a11c37b0a1b4cf9050293a9e1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: George Neville-Neil X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Sep 2014 20:28:27 -0000 --001a11c37b0a1b4cf9050293a9e1 Content-Type: text/plain; charset=UTF-8 In r268997, _ftello() was modified to use _fcntl(F_GETFL) in the non-append, write-only path. Consequently, programs that use _ftello() (via ftell, fgetpos, fsetpos, fseek, rewind...) on non-append, write-only files and that use capsicum to restrict capabilities on the associated fds to [CAP_SEEK, CAP_WRITE] broke as all ftell() (and friends) calls on those files fail with ENOTCAPABLE due to lack of CAP_FCNTL rights. There appear to be only two affected programs in the tree - tcpdump and dhclient. This affects both CURRENT and 10-STABLE (including 10.1-PRERELEASE) tcpdump, when configured to write to capture files rotated by size, fails to rotate and captures indefinitely to the first file in the series. This can be reproduced by a command such as: tcpdump -i -C 1 -W 2 -w packets -v By inspection, dhclient will fail to trim old data from its client leases file when rewriting that file with a lesser amount of data than it currently contains. See the ftruncate() call in dhclient.c:rewrite_client_leases(). The attached patch adds CAP_FCNTL to the limited rights established for non-append, write-only files used by tcpdump and dhclient. It also restricts the fcntl rights to CAP_FCNTL_GETFL. The current need to have CAP_FCNTL rights in order to get or set the file position on non-append, write-only files is subtle. Perhaps part of the answer is to define a CAP_FSEEK right in sys/capability.h that resolves to CAP_SEEK|CAP_FCNTL, or to modify the CAP_SEEK description in rights(4) to note the need for CAP_FCNTL when using ftell() and friends. -Patrick --001a11c37b0a1b4cf9050293a9e1 Content-Type: application/octet-stream; name="ftell_cap_rights.patch" Content-Disposition: attachment; filename="ftell_cap_rights.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_hzu8nnfx0 SW5kZXg6IGNvbnRyaWIvdGNwZHVtcC90Y3BkdW1wLmMKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gY29udHJpYi90 Y3BkdW1wL3RjcGR1bXAuYwkocmV2aXNpb24gMjcxMjgxKQorKysgY29udHJpYi90Y3BkdW1wL3Rj cGR1bXAuYwkod29ya2luZyBjb3B5KQpAQCAtMTU2NiwxMSArMTU2NiwxNSBAQAogCQlpZiAocCA9 PSBOVUxMKQogCQkJZXJyb3IoIiVzIiwgcGNhcF9nZXRlcnIocGQpKTsKICNpZmRlZiBfX0ZyZWVC U0RfXwotCQljYXBfcmlnaHRzX2luaXQoJnJpZ2h0cywgQ0FQX1NFRUssIENBUF9XUklURSk7CisJ CWNhcF9yaWdodHNfaW5pdCgmcmlnaHRzLCBDQVBfU0VFSywgQ0FQX0ZDTlRMLCBDQVBfV1JJVEUp OwogCQlpZiAoY2FwX3JpZ2h0c19saW1pdChmaWxlbm8ocGNhcF9kdW1wX2ZpbGUocCkpLCAmcmln aHRzKSA8IDAgJiYKIAkJICAgIGVycm5vICE9IEVOT1NZUykgewogCQkJZXJyb3IoInVuYWJsZSB0 byBsaW1pdCBkdW1wIGRlc2NyaXB0b3IiKTsKIAkJfQorCQlpZiAoY2FwX2ZjbnRsc19saW1pdChm aWxlbm8ocGNhcF9kdW1wX2ZpbGUocCkpLCBDQVBfRkNOVExfR0VURkwpIDwgMCAmJgorCQkgICAg ZXJybm8gIT0gRU5PU1lTKSB7CisJCQllcnJvcigidW5hYmxlIHRvIGxpbWl0IGR1bXAgZGVzY3Jp cHRvciBmY250bHMiKTsKKwkJfQogI2VuZGlmCiAJCWlmIChDZmxhZyAhPSAwIHx8IEdmbGFnICE9 IDApIHsKICNpZmRlZiBfX0ZyZWVCU0RfXwpAQCAtMTk5NCwxMSArMTk5OCwxNSBAQAogCQkJaWYg KGR1bXBfaW5mby0+cCA9PSBOVUxMKQogCQkJCWVycm9yKCIlcyIsIHBjYXBfZ2V0ZXJyKHBkKSk7 CiAjaWZkZWYgX19GcmVlQlNEX18KLQkJCWNhcF9yaWdodHNfaW5pdCgmcmlnaHRzLCBDQVBfU0VF SywgQ0FQX1dSSVRFKTsKKwkJCWNhcF9yaWdodHNfaW5pdCgmcmlnaHRzLCBDQVBfU0VFSywgQ0FQ X0ZDTlRMLCBDQVBfV1JJVEUpOwogCQkJaWYgKGNhcF9yaWdodHNfbGltaXQoZmlsZW5vKHBjYXBf ZHVtcF9maWxlKGR1bXBfaW5mby0+cCkpLAogCQkJICAgICZyaWdodHMpIDwgMCAmJiBlcnJubyAh PSBFTk9TWVMpIHsKIAkJCQllcnJvcigidW5hYmxlIHRvIGxpbWl0IGR1bXAgZGVzY3JpcHRvciIp OwogCQkJfQorCQkJaWYgKGNhcF9mY250bHNfbGltaXQoZmlsZW5vKHBjYXBfZHVtcF9maWxlKGR1 bXBfaW5mby0+cCkpLAorCQkJICAgIENBUF9GQ05UTF9HRVRGTCkgPCAwICYmIGVycm5vICE9IEVO T1NZUykgeworCQkJCWVycm9yKCJ1bmFibGUgdG8gbGltaXQgZHVtcCBkZXNjcmlwdG9yIGZjbnRs cyIpOworCQkJfQogI2VuZGlmCiAJCX0KIAl9CkBAIC0yMDU1LDExICsyMDYzLDE1IEBACiAJCWlm IChkdW1wX2luZm8tPnAgPT0gTlVMTCkKIAkJCWVycm9yKCIlcyIsIHBjYXBfZ2V0ZXJyKHBkKSk7 CiAjaWZkZWYgX19GcmVlQlNEX18KLQkJY2FwX3JpZ2h0c19pbml0KCZyaWdodHMsIENBUF9TRUVL LCBDQVBfV1JJVEUpOworCQljYXBfcmlnaHRzX2luaXQoJnJpZ2h0cywgQ0FQX1NFRUssIENBUF9G Q05UTCwgQ0FQX1dSSVRFKTsKIAkJaWYgKGNhcF9yaWdodHNfbGltaXQoZmlsZW5vKHBjYXBfZHVt cF9maWxlKGR1bXBfaW5mby0+cCkpLAogCQkgICAgJnJpZ2h0cykgPCAwICYmIGVycm5vICE9IEVO T1NZUykgewogCQkJZXJyb3IoInVuYWJsZSB0byBsaW1pdCBkdW1wIGRlc2NyaXB0b3IiKTsKIAkJ fQorCQlpZiAoY2FwX2ZjbnRsc19saW1pdChmaWxlbm8ocGNhcF9kdW1wX2ZpbGUoZHVtcF9pbmZv LT5wKSksCisJCSAgICBDQVBfRkNOVExfR0VURkwpIDwgMCAmJiBlcnJubyAhPSBFTk9TWVMpIHsK KwkJCWVycm9yKCJ1bmFibGUgdG8gbGltaXQgZHVtcCBkZXNjcmlwdG9yIGZjbnRscyIpOworCQl9 CiAjZW5kaWYKIAl9CiAKSW5kZXg6IHNiaW4vZGhjbGllbnQvZGhjbGllbnQuYwo9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 Ci0tLSBzYmluL2RoY2xpZW50L2RoY2xpZW50LmMJKHJldmlzaW9uIDI3MTI4MSkKKysrIHNiaW4v ZGhjbGllbnQvZGhjbGllbnQuYwkod29ya2luZyBjb3B5KQpAQCAtMTg0NiwxMSArMTg0NiwxNSBA QAogCQlpZiAoIWxlYXNlRmlsZSkKIAkJCWVycm9yKCJjYW4ndCBjcmVhdGUgJXM6ICVtIiwgcGF0 aF9kaGNsaWVudF9kYik7CiAJCWNhcF9yaWdodHNfaW5pdCgmcmlnaHRzLCBDQVBfRlNUQVQsIENB UF9GU1lOQywgQ0FQX0ZUUlVOQ0FURSwKLQkJICAgIENBUF9TRUVLLCBDQVBfV1JJVEUpOworCQkg ICAgQ0FQX1NFRUssIENBUF9GQ05UTCwgQ0FQX1dSSVRFKTsKIAkJaWYgKGNhcF9yaWdodHNfbGlt aXQoZmlsZW5vKGxlYXNlRmlsZSksICZyaWdodHMpIDwgMCAmJgogCQkgICAgZXJybm8gIT0gRU5P U1lTKSB7CiAJCQllcnJvcigiY2FuJ3QgbGltaXQgbGVhc2UgZGVzY3JpcHRvcjogJW0iKTsKIAkJ fQorCQlpZiAoY2FwX2ZjbnRsc19saW1pdChmaWxlbm8obGVhc2VGaWxlKSwgQ0FQX0ZDTlRMX0dF VEZMKSA8IDAgJiYKKwkJICAgIGVycm5vICE9IEVOT1NZUykgeworCQkJZXJyb3IoImNhbid0IGxp bWl0IGxlYXNlIGRlc2NyaXB0b3IgZmNudGxzOiAlbSIpOworCQl9CiAJfSBlbHNlIHsKIAkJZmZs dXNoKGxlYXNlRmlsZSk7CiAJCXJld2luZChsZWFzZUZpbGUpOwo= --001a11c37b0a1b4cf9050293a9e1--