Page MenuHomeFreeBSD

Capsicumify last(1)

Authored by cem on Sep 22 2016, 5:34 AM.
Referenced Files
Unknown Object (File)
Sun, Mar 9, 12:26 PM
Unknown Object (File)
Mon, Feb 17, 7:24 AM
Unknown Object (File)
Feb 7 2025, 5:13 AM
Unknown Object (File)
Feb 7 2025, 5:07 AM
Unknown Object (File)
Feb 7 2025, 5:00 AM
Unknown Object (File)
Feb 7 2025, 12:17 AM
Unknown Object (File)
Feb 2 2025, 1:50 PM
Unknown Object (File)
Feb 2 2025, 1:27 PM



Pretty straightforward as long as access to utx database is precached.

Test Plan
  • truss last
  • Depends on D7998

Diff Detail

rS FreeBSD src repository - subversion
Lint Not Applicable
Tests Not Applicable

Event Timeline

cem retitled this revision from to Capsicumify last(1).
cem updated this object.
cem edited the test plan for this revision. (Show Details)
cem added reviewers: ed, emaste, allanjude, oshogbo.
145 ↗(On Diff #20603)

There's no problem with just calling setutxent() here, right? That looks a bit less suspicious than opening/closing the utx database. Also be sure to put the comment above on a single line. :-)

150 ↗(On Diff #20603)

I think that this some in too early. What about last -f? It can open an arbitrary file.

Open arbitray -f database before entering cap mode.

cem marked 2 inline comments as done.Sep 23 2016, 4:41 PM
132 ↗(On Diff #20647)

... that way you can remove this setutxent() call! :-)

All we need is at least one call to setutxent() or setutxdb(). It's completely safe to call setutxdb() with a NULL path, as that will make it open the default path.

158 ↗(On Diff #20647)

What you can do: just move this right before the cap_enter() call, outside of this switch statement, because...

cem marked 2 inline comments as done.

Use single setutxdb() invocation.

Can now make use of capsicum helpers added in rS306657

cem edited edge metadata.
  • Use capsicum_helpers

There are some concerning capability access violations in truss logs still:

// Probably tzset():
access("/etc/localtime",R_OK)                    = 0 (0x0)
open("/etc/localtime",O_RDONLY,037777777600)     = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=11316113,size=2819,blksize=32768 }) = 0 (0x0)
read(3,"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0"...,41448) = 2819 (0xb03)
close(3)                                         = 0 (0x0)
issetugid()                                      = 0 (0x0)
open("/usr/share/zoneinfo/posixrules",O_RDONLY,00) = 3 (0x3)
fstat(3,{ mode=-r--r--r-- ,inode=327579,size=3519,blksize=32768 }) = 0 (0x0)
read(3,"TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0"...,41448) = 3519 (0xdbf)
close(3)                                         = 0 (0x0)
cap_enter()                                      = 0 (0x0)
// Why wasn't this stuff cached by tzset()?
open("/usr/share/zoneinfo/UTC",O_RDONLY,00)      ERR#94 'Not permitted in capability mode'
issetugid()                                      = 0 (0x0)
open("/usr/share/zoneinfo/posixrules",O_RDONLY,00) ERR#94 'Not permitted in capability mode'

Needs a little more investigation before being ready to commit.

In D8001#169271, @cem wrote:

Needs a little more investigation before being ready to commit.

you should be able to use proccontrol -m trapcap -s enable <cmd> now to find out where the useis coming from

you should be able to use proccontrol -m trapcap -s enable <cmd> now to find out where the useis coming from

I don't have a new enough kernel or userspace for that :-).

I will try to test this change locally soon

62 ↗(On Diff #21096)

Should sort with the rest of the headers, no?

62 ↗(On Diff #21096)


Sort capsicum_helpers with other headers.

Thanks. I will apply this to my local tree soon and give it a test with procctl.

Thanks. I will apply this to my local tree soon and give it a test with procctl.

Did you ever get a chance to test this? Thanks!

This revision was automatically updated to reflect the committed changes.