d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disallow cap_enter() in freebsd32 compatibility mode.

Browse Source 
The freebsd32 compatibility mode (for running 32-bit binaries on 64-bit
kernels) does not currently allow any system calls in capability mode, but
still permits cap_enter(). As a result, 32-bit binaries on 64-bit kernels
that use capability mode do not work (they crash after being disallowed to
call sys_exit()). Affected binaries include dhclient and uniq. The latter's
crashes cause obscure build failures.

This commit makes freebsd32 cap_enter() fail with [ENOSYS], as if capability
mode was not compiled in. Applications deal with this by doing their work
without capability mode.

This commit does not fix the uncommon situation where a 64-bit process
enters capability mode and then executes a 32-bit binary using fexecve().

This commit should be reverted when allowing the necessary freebsd32 system
calls in capability mode.

Reviewed by:	pjd
Approved by:	re (hrs)
This commit is contained in:
jilles 2013-09-17 20:48:19 +00:00
parent 5a339ba5aa
commit 5faad32e2c
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
sys/compat/freebsd32/freebsd32_capability.c
View File

@ -48,6 +48,18 @@ __FBSDID("$FreeBSD$");
MALLOC_DECLARE(M_FILECAPS);
int
freebsd32_cap_enter(struct thread *td,
struct freebsd32_cap_enter_args *uap)
{
/*
* We do not have an equivalent of capabilities.conf for freebsd32
* compatibility, so do not allow capability mode for now.
*/
return (ENOSYS);
}
int
freebsd32_cap_ioctls_limit(struct thread *td,
struct freebsd32_cap_ioctls_limit_args *uap)
@ -135,6 +147,14 @@ freebsd32_cap_ioctls_get(struct thread *td,
#else /* !CAPABILITIES */
int
freebsd32_cap_enter(struct thread *td,
struct freebsd32_cap_enter_args *uap)
{
return (ENOSYS);
}
int
freebsd32_cap_ioctls_limit(struct thread *td,
struct freebsd32_cap_ioctls_limit_args *uap)

2
sys/compat/freebsd32/syscalls.master
View File

@ -973,7 +973,7 @@
514 AUE_NULL OBSOL cap_new
515 AUE_CAP_RIGHTS_GET NOPROTO { int __cap_rights_get(int version, \
int fd, cap_rights_t *rightsp); }
516 AUE_CAP_ENTER NOPROTO { int cap_enter(void); }
516 AUE_CAP_ENTER STD { int freebsd32_cap_enter(void); }
517 AUE_CAP_GETMODE NOPROTO { int cap_getmode(u_int *modep); }
518 AUE_PDFORK NOPROTO { int pdfork(int *fdp, int flags); }
519 AUE_PDKILL NOPROTO { int pdkill(int fd, int signum); }