Page MenuHomeFreeBSD
Differential D45673

socket: Pass capsicum rights down to socket option handlers
ClosedPublic
Actions

Authored by markj on Jun 21 2024, 4:48 PM.
Tags
None
Referenced Files
F107397068: D45673.diff
Mon, Jan 13, 2:39 PM
Unknown Object (File)
Sun, Jan 12, 2:09 AM
Unknown Object (File)
Mon, Jan 6, 10:45 PM
Unknown Object (File)
Sat, Dec 21, 7:32 PM
Unknown Object (File)
Dec 11 2024, 8:37 PM
Unknown Object (File)
Dec 5 2024, 5:45 PM
Unknown Object (File)
Dec 5 2024, 4:02 PM
Unknown Object (File)
Nov 27 2024, 3:27 AM
View All 72 Files
Subscribers
imp
jonathan
olce

Details

Reviewers
glebius
gallatin
Commits
rG88c041e4870c: socket: Pass capsicum rights down to socket option handlers
rGe2e771deeca7: socket: Pass capsicum rights down to socket option handlers
Summary

One needs the CAP_GETSOCKOPT and CAP_SETSOCKOPT rights to call
getsockopt(2) and setsockopt(2) on a socket descriptor, respectively.
The syscall layer checks this, but individual socket option handlers
have no access to the file descriptor and so can't check for additional
rights, should the want to do so. In particular, a forthcoming
implementation of SO_SPLICE logically requires at least the CAP_RECV
right.

Modify the syscall layer to look up Capsicum rights on the descriptor
and pass that along to socket option handlers; this way, the handlers
can check for additional rights if they need to.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 58282
Build 55170: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
kern/
9 lines
sys/
2 lines

Diff 140074

View Options

sys/kern/uipc_syscalls.c

Loading...
View Options

sys/sys/sockopt.h

Loading...