On 09.09.2014 21:53, Patrick Kelsey wrote:
> I don't think it is worth the trouble, as given the larger pattern of
> libc routines requiring multiple capsicum rights, it seems one will in
> general have to have libc implementation knowledge when using it in
> concert with capsicum. For example, consider the limitfd() routine in
> kdump.c, which provides rights for the TIOCGETA ioctl to be used on
> stdout so the eventual call to isatty() via printf() will work as intended.
>
> I think the above kdump example is a good one for the subtle issues that
> can arise when using capsicum with libc. That call to isatty() is via a
> widely-used internal libc routine __smakebuf(). __smakebuf() also calls
> __swhatbuf(), which in turn calls _fstat(), all to make sure that output
> to a tty is line buffered by default. It would appear that programs
> that restrict rights on stdout without allowing CAP_IOCTL and CAP_FSTAT
> could be disabling the normally default line buffering when stdout is a
> tty. kdump goes the distance, but dhclient does not (restricting stdout
> to CAP_WRITE only).
>
> In any event, the patch attached to my first message is seeming like the
> way to go.

Well, then commit it (if capsicum team agrees).

-- 
http://ache.vniz.net/

Received on Wed Sep 10 2014 - 05:00:26 UTC
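The quoted message describes stdio probing stdout with fstat() and then isatty() before it picks line buffering, and names the rights that probe needs. The sketch below is an added example, not code from this thread, from kdump, or from FreeBSD's libc: it limits an output descriptor to CAP_WRITE, CAP_FSTAT and CAP_IOCTL (with TIOCGETA as the only permitted ioctl) and repeats the probe. The helper names `sees_tty` and `limit_output_fd` are hypothetical, the character-device check on the fstat() result is an assumption, and on systems other than FreeBSD the limiting step is a no-op.

```c
/* Added example; helper names are hypothetical. */
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#include <sys/ioctl.h>
#include <termios.h>
#endif

/*
 * Probe fd in the order the message describes: fstat() first, then isatty().
 * Under Capsicum, fstat() needs CAP_FSTAT and isatty() needs CAP_IOCTL with
 * TIOCGETA allowed; if either is denied the probe fails and this returns 0,
 * which is the case where line buffering is silently lost on a tty.
 * Assumption: the fstat() result is used to check for a character device.
 */
int
sees_tty(int fd)
{
	struct stat st;

	if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))
		return (0);
	return (isatty(fd) ? 1 : 0);
}

/*
 * Limit an output descriptor to the rights named in the message.
 * Returns 0 on success (or when Capsicum is unavailable), -1 on error.
 */
int
limit_output_fd(int fd)
{
#ifdef __FreeBSD__
	cap_rights_t rights;
	unsigned long cmd = TIOCGETA;	/* the ioctl behind isatty() */

	cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
		return (-1);
	if (cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
		return (-1);
#else
	(void)fd;	/* no Capsicum here; nothing to limit */
#endif
	return (0);
}
```

Comparing `sees_tty(STDOUT_FILENO)` before and after the limit, with stdout on a terminal, shows whether a given rights set keeps the tty probe working.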