author | CismonX <admin@cismon.net> | 2024-04-29 04:48:26 +0000 |
---|---|---|
committer | Warner Losh <imp@FreeBSD.org> | 2024-04-29 04:48:31 +0000 |
commit | d289382897e7ded566a3aa10ae535235149c4056 (patch) | |
tree | a7b67ed16261743b3b478f203deac3094bdd5782 /lib | |
parent | 78444b5ade65568d817ecc3cfa5d66e05edf2b14 (diff) | |
rights.4: various corrections on capability rights
- A file descriptor obtained from accept(2), accept4(2) and openat(2)
is not always assigned all capability rights. Instead, it inherits
capability rights from the "parent" socket/dir file descriptor.
- getdents(2) and getdirentries(2) require CAP_READ.
- openat(2) with O_WRONLY|O_TRUNC does not require CAP_SEEK.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1207
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libsys/cap_rights_limit.2 | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/lib/libsys/cap_rights_limit.2 b/lib/libsys/cap_rights_limit.2 index eca30f55ea48..8372d07f6a5c 100644 --- a/lib/libsys/cap_rights_limit.2 +++ b/lib/libsys/cap_rights_limit.2 @@ -30,7 +30,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd March 9, 2023 +.Dd April 27, 2024 .Dt CAP_RIGHTS_LIMIT 2 .Os .Sh NAME @@ -44,20 +44,22 @@ .Fn cap_rights_limit "int fd" "const cap_rights_t *rights" .Sh DESCRIPTION When a file descriptor is created by a function such as -.Xr accept 2 , -.Xr accept4 2 , .Xr fhopen 2 , .Xr kqueue 2 , .Xr mq_open 2 , .Xr open 2 , -.Xr openat 2 , .Xr pdfork 2 , .Xr pipe 2 , .Xr shm_open 2 , .Xr socket 2 or .Xr socketpair 2 , -it is assigned all capability rights. +it is assigned all capability rights; for +.Xr accept 2 , +.Xr accept4 2 +or +.Xr openat 2 , +it inherits capability rights from the "parent" file descriptor. Those rights can be reduced (but never expanded) by using the .Fn cap_rights_limit system call. |
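Review bot: In the second hunk (DESCRIPTION of cap_rights_limit.2), the added clause `it inherits capability rights from the "parent" file descriptor.` leaves "parent" undefined for a manual page reader. The commit message is more precise ("parent" socket/dir file descriptor), so I would carry that wording into the text: name the listening socket for accept(2) and accept4(2) and the directory descriptor for openat(2). The clause also does not say which rights the new descriptor gets when openat(2) is called with AT_FDCWD, where there is no descriptor to inherit from; a short sentence covering that case would close the gap. A minor style point: the sentence now opens with "a function such as" and then switches lists after the semicolon, so consider splitting it into two sentences, one for the calls that assign all rights and one for the calls that inherit.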