Summary: | [sctp] capsicum: propagate rights on sctp_peeloff | ||
---|---|---|---|
Product: | Base System | Reporter: | Ed Maste <emaste> |
Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> |
Status: | Open --- | ||
Severity: | Affects Only Me | CC: | drysdale, markj, oshogbo, tuexen |
Priority: | --- | Flags: | emaste:
mfc-stable11+
|
Version: | CURRENT | ||
Hardware: | Any | ||
OS: | Any | ||
Bug Depends on: | |||
Bug Blocks: | 231027 |
Description
Ed Maste
2015-06-22 20:54:15 UTC
A commit references this bug: Author: oshogbo Date: Thu Sep 22 09:58:47 UTC 2016 New revision: 306174 URL: https://svnweb.freebsd.org/changeset/base/306174 Log: capsicum: propagate rights on accept(2) Descriptor returned by accept(2) should inherits capabilities rights from the listening socket. PR: 201052 Reviewed by: emaste, jonathan Discussed with: many Differential Revision: https://reviews.freebsd.org/D7724 Changes: head/sys/compat/cloudabi/cloudabi_sock.c head/sys/compat/linux/linux_socket.c head/sys/kern/kern_sendfile.c head/sys/kern/uipc_syscalls.c head/sys/netinet/sctp_syscalls.c head/sys/sys/socketvar.h A commit references this bug: Author: dchagin Date: Wed Mar 15 16:38:40 UTC 2017 New revision: 315312 URL: https://svnweb.freebsd.org/changeset/base/315312 Log: MFC r305093 (by mjg@): fd: add fdeget_locked and use in kern_descrip MFC r305756 (by oshogbo@): fd: add fget_cap and fget_cap_locked primitives. They can be used to obtain capabilities along with a referenced fp. MFC r306174 (by oshogbo@): capsicum: propagate rights on accept(2) Descriptor returned by accept(2) should inherits capabilities rights from the listening socket. PR: 201052 MFC r306184 (by oshogbo@): fd: simplify fgetvp_rights by using fget_cap_locked. MFC r306225 (by mjg@): fd: fix up fgetvp_rights after r306184 fget_cap_locked returns a referenced file, but the fgetvp_rights does not need it. Instead, due to the filedesc lock being held, it can ref the vnode after the file was looked up. Fix up fget_cap_locked to be consistent with other _locked helpers and not ref the file. This plugs a leak introduced in r306184. MFC r306232 (by oshogbo@): fd: fix up fget_cap If the kernel is not compiled with the CAPABILITIES kernel options fget_unlocked doesn't return the sequence number so fd_modify will always report modification, in that case we got infinity loop. MFC r311474 (by glebius@): Use getsock_cap() instead of fgetsock(). MFC r312079 (by glebius@): Use getsock_cap() instead of deprecated fgetsock(). MFC r312081 (by glebius@): Use getsock_cap() instead of deprecated fgetsock(). MFC r312087 (by glebius@): Remove deprecated fgetsock() and fputsock(). Bump __FreeBSD_version as getsock_cap changed and fgetsock/fputsock pair removed. Changes: _U stable/11/ stable/11/sys/compat/cloudabi/cloudabi_sock.c stable/11/sys/compat/linux/linux_socket.c stable/11/sys/dev/iscsi_initiator/isc_soc.c stable/11/sys/dev/iscsi_initiator/iscsi.c stable/11/sys/kern/kern_descrip.c stable/11/sys/kern/kern_sendfile.c stable/11/sys/kern/uipc_syscalls.c stable/11/sys/netinet/sctp_syscalls.c stable/11/sys/sys/file.h stable/11/sys/sys/filedesc.h stable/11/sys/sys/param.h stable/11/sys/sys/socketvar.h Mariusz, can this be closed now? We still don't have support for sctp_peeloff. (In reply to Mariusz Zaborski from comment #4) Ah, indeed. I've reset the asignee for now. For bugs matching the following conditions: - Status == In Progress - Assignee == "bugs@FreeBSD.org" - Last Modified Year <= 2017 Do - Set Status to "Open" |