Details

Reviewers

Commits

rG6d2a673f7ec5: ktrace: Record namei violations with KTR_CAPFAIL
rG0cd9cde767c3: ktrace: Record namei violations with KTR_CAPFAIL

Summary

Report namei path lookups while Capsicum violation tracing with
CAPFAIL_NAMEI. vfs caching is also ignored when tracing to mimic
capability mode behavior.

Programs that are not yet Capsicumized may be traced to discover
potential capability failures. With `ktrace -t p` and kdump, you
are given a list of syscalls as a starting point for program
Capsicumization.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

jfree created this revision.Jun 20 2023, 10:08 PM

Herald added a subscriber: imp. · View Herald TranscriptJun 20 2023, 10:08 PM

jfree requested review of this revision.Jun 20 2023, 10:08 PM

Change NI_LCF_STRICTRELATIVE to NI_LCF_STRICTREL where applicable.

jfree added a parent revision: D40676: ktrace: Record detailed ECAPMODE violations.Jun 20 2023, 10:21 PM

markj added inline comments.Sep 28 2023, 4:42 PM

sys/kern/uipc_syscalls.c
496	Consider making it a bit clearer that this is symbolic by writing "<AT_FDCWD>" instead, same above.
sys/kern/vfs_lookup.c
245	Are you sure that this string is nul-terminated?

jfree marked an inline comment as done.Jan 9 2024, 4:14 AM

jfree added inline comments.

sys/kern/vfs_lookup.c
245	Are you sure that this string is nul-terminated? It looks like `cn_pnbuf` is copied in using `copyinstr(9)` inside of `namei_getpath()`. A quick look at some `copyinstr(9)` assembly indicates that its return buffer will be nul-terminated upon success. `namei_getpath()` is called at the beginning of the `namei()` routine, so I'm pretty certain that `cn_pnbuf` should always be nul-terminated.

jfree added inline comments.Jan 9 2024, 4:22 AM

sys/kern/vfs_lookup.c
245	I should also note that it doesn't look like `cn_pnbuf` is modified anywhere, so its nul-terminator should never be overwritten.

Replace all instances of "AT_FDCWD" with "<AT_FDCWD>" when reporting a violation via ktrcapfail().

markj accepted this revision.Jan 18 2024, 3:46 PM

This revision is now accepted and ready to land.Jan 18 2024, 3:46 PM

jfree retitled this revision from ktrace: Record vfs violations with KTR_CAPFAIL to ktrace: Record namei violations with KTR_CAPFAIL.Mar 10 2024, 4:23 AM

jfree edited the summary of this revision. (Show Details)

Herald added a subscriber: olce. · View Herald TranscriptMar 10 2024, 4:23 AM