Summary: | [patch] ppoll(2) is not permitted in capability mode | ||||||
---|---|---|---|---|---|---|---|
Product: | Base System | Reporter: | Stefan Grundmann <sg2342> | ||||
Component: | kern | Assignee: | Mariusz Zaborski <oshogbo> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | CC: | brooks, cem, emaste, hannes, markj, oshogbo, rwatson, sg2342 | ||||
Priority: | --- | Keywords: | easy, patch, security | ||||
Version: | CURRENT | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Stefan Grundmann
2018-10-21 01:59:28 UTC
Created attachment 198424 [details]
patch to include ppoll in sys/kern/capabilities.conf
Capabilities do not appear to restrict signals at all, aside from restricting signal delivery to foreign processes (which cannot be selectively enabled). So I don't see any reason ppoll(2) cannot be treated the same as poll(2). A commit references this bug: Author: oshogbo Date: Sun Nov 4 17:12:53 UTC 2018 New revision: 340129 URL: https://svnweb.freebsd.org/changeset/base/340129 Log: capsicum: allow ppoll(2) in capability mode We already allow to use poll(2). There is no reason to disallow ppoll(2). PR: 232495 Submitted by: Stefan Grundmann <sg2342@googlemail.com> Reviewed by: cem, oshogbo MFC after: 2 weeks Changes: head/sys/kern/capabilities.conf A commit references this bug: Author: oshogbo Date: Tue Nov 6 18:05:46 UTC 2018 New revision: 340195 URL: https://svnweb.freebsd.org/changeset/base/340195 Log: capsicum: Add ppoll and freebsd32_ppoll to compat32. PR: 232495 Pointed out by: brooks MFC after: 2 weeks Changes: head/sys/compat/freebsd32/capabilities.conf Thanks for working on this. The commits (early November 2018) to HEAD include a MFC of 2 weeks, but it doesn't look like they have been MFC'ed. It would be great to have these changes included in the next 12-RELEASE! A commit references this bug: Author: brooks Date: Wed Jan 30 23:47:22 UTC 2019 New revision: 343596 URL: https://svnweb.freebsd.org/changeset/base/343596 Log: MFC r340129, r340195, r340198 r340129: capsicum: allow ppoll(2) in capability mode We already allow to use poll(2). There is no reason to disallow ppoll(2). PR: 232495 Submitted by: Stefan Grundmann <sg2342@googlemail.com> Reviewed by: cem, oshogbo r340195: capsicum: Add ppoll and freebsd32_ppoll to compat32. PR: 232495 Pointed out by: brooks r340198: Remove ppoll. freebsd32 doesn't define a ppoll syscall. Reported by: jhb Changes: _U stable/12/ stable/12/sys/compat/freebsd32/capabilities.conf stable/12/sys/kern/capabilities.conf A commit references this bug: Author: brooks Date: Wed Jan 30 23:47:22 UTC 2019 New revision: 343596 URL: https://svnweb.freebsd.org/changeset/base/343596 Log: MFC r340129, r340195, r340198 r340129: capsicum: allow ppoll(2) in capability mode We already allow to use poll(2). There is no reason to disallow ppoll(2). PR: 232495 Submitted by: Stefan Grundmann <sg2342@googlemail.com> Reviewed by: cem, oshogbo r340195: capsicum: Add ppoll and freebsd32_ppoll to compat32. PR: 232495 Pointed out by: brooks r340198: Remove ppoll. freebsd32 doesn't define a ppoll syscall. Reported by: jhb Changes: _U stable/12/ stable/12/sys/compat/freebsd32/capabilities.conf stable/12/sys/kern/capabilities.conf A commit references this bug: Author: brooks Date: Wed Jan 30 23:48:11 UTC 2019 New revision: 343597 URL: https://svnweb.freebsd.org/changeset/base/343597 Log: Regen after r343596: enable ppoll in capability mode. PR: 232495 Changes: stable/12/sys/compat/freebsd32/freebsd32_sysent.c stable/12/sys/kern/init_sysent.c Merged to 12. It seems best not to touch 11, but we could if there's demand. |