Bug 232495 - [patch] ppoll(2) is not permitted in capability mode
Summary: [patch] ppoll(2) is not permitted in capability mode
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Mariusz Zaborski
URL:
Keywords: easy, patch, security
Depends on:
Blocks:
 
Reported: 2018-10-21 01:59 UTC by Stefan Grundmann
Modified: 2019-01-30 23:52 UTC (History)
8 users (show)

See Also:

Attachments
patch to include ppoll in sys/kern/capabilities.conf (395 bytes, patch)
2018-10-21 02:05 UTC, Stefan Grundmann 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Grundmann 2018-10-21 01:59:28 UTC 
poll was included in sys/kern/capabilities.conf with it's first revision (r219131) together with a comment:
"## Allow poll(2), which will be scoped by capability rights."
"## XXXRW: We don't yet do that scoping."

in r224910 the poll(2) implementation for capabilities was added, but the now
miss-leading XXXRW comment in capabilites.conf was left there.

Given that the ppoll(2) and poll(2) implementations in sys/kern/sys_generic.c
share the capability relevant code; please

 - add ppoll to sys/kern/capabilities.conf
 - remove XXXRW comment
Comment 1 Stefan Grundmann 2018-10-21 02:05:03 UTC 
Created attachment 198424 [details]
patch to include ppoll in sys/kern/capabilities.conf
Comment 2 Conrad Meyer freebsd_committer freebsd_triage 2018-10-23 16:27:46 UTC 
Capabilities do not appear to restrict signals at all, aside from restricting signal delivery to foreign processes (which cannot be selectively enabled).  So I don't see any reason ppoll(2) cannot be treated the same as poll(2).
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-11-04 17:13:39 UTC 
A commit references this bug:

Author: oshogbo
Date: Sun Nov  4 17:12:53 UTC 2018
New revision: 340129
URL: https://svnweb.freebsd.org/changeset/base/340129

Log:
  capsicum: allow ppoll(2) in capability mode

  We already allow to use poll(2). There is no reason to disallow ppoll(2).

  PR:		232495
  Submitted by:	Stefan Grundmann <sg2342@googlemail.com>
  Reviewed by:	cem, oshogbo
  MFC after:	2 weeks

Changes:
  head/sys/kern/capabilities.conf
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-11-06 18:05:51 UTC 
A commit references this bug:

Author: oshogbo
Date: Tue Nov  6 18:05:46 UTC 2018
New revision: 340195
URL: https://svnweb.freebsd.org/changeset/base/340195

Log:
  capsicum: Add ppoll and freebsd32_ppoll to compat32.

  PR:		232495
  Pointed out by: brooks
  MFC after:	2 weeks

Changes:
  head/sys/compat/freebsd32/capabilities.conf
Comment 5 Hannes Mehnert 2019-01-30 11:13:00 UTC 
Thanks for working on this. The commits (early November 2018) to HEAD include a MFC of 2 weeks, but it doesn't look like they have been MFC'ed. It would be great to have these changes included in the next 12-RELEASE!
Comment 6 commit-hook freebsd_committer freebsd_triage 2019-01-30 23:48:07 UTC 
A commit references this bug:

Author: brooks
Date: Wed Jan 30 23:47:22 UTC 2019
New revision: 343596
URL: https://svnweb.freebsd.org/changeset/base/343596

Log:
  MFC r340129, r340195, r340198

  r340129:
  capsicum: allow ppoll(2) in capability mode

  We already allow to use poll(2). There is no reason to disallow
  ppoll(2).

  PR:		232495
  Submitted by:	Stefan Grundmann <sg2342@googlemail.com>
  Reviewed by:	cem, oshogbo

  r340195:
  capsicum: Add ppoll and freebsd32_ppoll to compat32.

  PR:		232495
  Pointed out by: brooks

  r340198:
  Remove ppoll. freebsd32 doesn't define a ppoll syscall.

  Reported by:	jhb

Changes:
_U  stable/12/
  stable/12/sys/compat/freebsd32/capabilities.conf
  stable/12/sys/kern/capabilities.conf
Comment 7 commit-hook freebsd_committer freebsd_triage 2019-01-30 23:48:11 UTC 
A commit references this bug:

Author: brooks
Date: Wed Jan 30 23:47:22 UTC 2019
New revision: 343596
URL: https://svnweb.freebsd.org/changeset/base/343596

Log:
  MFC r340129, r340195, r340198

  r340129:
  capsicum: allow ppoll(2) in capability mode

  We already allow to use poll(2). There is no reason to disallow
  ppoll(2).

  PR:		232495
  Submitted by:	Stefan Grundmann <sg2342@googlemail.com>
  Reviewed by:	cem, oshogbo

  r340195:
  capsicum: Add ppoll and freebsd32_ppoll to compat32.

  PR:		232495
  Pointed out by: brooks

  r340198:
  Remove ppoll. freebsd32 doesn't define a ppoll syscall.

  Reported by:	jhb

Changes:
_U  stable/12/
  stable/12/sys/compat/freebsd32/capabilities.conf
  stable/12/sys/kern/capabilities.conf
Comment 8 commit-hook freebsd_committer freebsd_triage 2019-01-30 23:49:15 UTC 
A commit references this bug:

Author: brooks
Date: Wed Jan 30 23:48:11 UTC 2019
New revision: 343597
URL: https://svnweb.freebsd.org/changeset/base/343597

Log:
  Regen after r343596: enable ppoll in capability mode.

  PR:		232495

Changes:
  stable/12/sys/compat/freebsd32/freebsd32_sysent.c
  stable/12/sys/kern/init_sysent.c
Comment 9 Brooks Davis freebsd_committer freebsd_triage 2019-01-30 23:52:13 UTC 
Merged to 12.  It seems best not to touch 11, but we could if there's demand.