Page MenuHomeFreeBSD
Differential D29523

traceroute6: Fix rights for rcvsock
ClosedPublic
Actions

Authored by markj on Mar 31 2021, 10:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 26, 5:18 AM
Unknown Object (File)
Sat, Oct 26, 5:18 AM
Unknown Object (File)
Sat, Oct 26, 5:18 AM
Unknown Object (File)
Sat, Oct 26, 5:17 AM
Unknown Object (File)
Fri, Oct 25, 2:10 PM
Unknown Object (File)
Sep 29 2024, 2:29 AM
Unknown Object (File)
Sep 27 2024, 4:17 PM
Unknown Object (File)
Sep 27 2024, 8:34 AM
View All 86 Files
Subscribers
imp
zlei

Details

Reviewers
oshogbo
Commits
rGd3f2c31b43b7: traceroute6: Fix Capsicum rights for rcvsock
rGb8ae450f05e6: traceroute6: Fix Capsicum rights for rcvsock
Summary
  • Always use distinct sockets for send and recv
  • Limit rights on the recv socket
  • Limit rights before entering capability mode

For ICMP6 we were using the same socket for both, and we limited rights
on the socket such that it's impossible to receive anything.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 38229
Build 35118: arc lint + arc unit

Event Timeline

markj created this revision.Mar 31 2021, 10:41 PM
Herald added a subscriber: imp. · View Herald TranscriptMar 31 2021, 10:41 PM
markj requested review of this revision.Mar 31 2021, 10:41 PM
Harbormaster completed remote builds in B38229: Diff 86648.Mar 31 2021, 10:41 PM
zlei added a subscriber: zlei.Apr 1 2021, 4:56 AM
zlei added inline comments.
usr.sbin/traceroute6/traceroute6.c
937

Copy paste typo

942

It looks good entering capability mode before limiting rights. So no need to adjust here.

oshogbo added a comment.Apr 1 2021, 10:36 AM

After addressing @zlei.huang_gmail.com points - LGTM.

markj updated this revision to Diff 86686.Apr 1 2021, 2:00 PM
markj marked an inline comment as done.

Address feedback.

Harbormaster completed remote builds in B38248: Diff 86686.Apr 1 2021, 2:00 PM
This revision was not accepted when it landed; it landed in state Needs Review.Apr 1 2021, 2:01 PM
Closed by commit rGb8ae450f05e6: traceroute6: Fix Capsicum rights for rcvsock (authored by markj). · Explain Why
This revision was automatically updated to reflect the committed changes.
markj added a commit: rGb8ae450f05e6: traceroute6: Fix Capsicum rights for rcvsock.
markj added a commit: rGd3f2c31b43b7: traceroute6: Fix Capsicum rights for rcvsock.Apr 5 2021, 1:52 PM

Revision Contents
Changeset List

PathSize
usr.sbin/
traceroute6/
19 lines

Diff 86648

View Options

usr.sbin/traceroute6/traceroute6.c

Loading...