diff options
| author | Val Packett <val@packett.cool> | 2023-02-19 20:14:15 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2023-03-02 20:58:00 +0000 |
| commit | c7a8502bdf187ccf035c5b29a93e34cc01346a73 (patch) | |
| tree | 27905340e100d14997b75de0ba734866b63ee256 | |
| parent | 939b24b0abbd703948981c9bcb07afd7b01ca3b1 (diff) | |
| download | src-c7a8502bdf187ccf035c5b29a93e34cc01346a73.tar.gz src-c7a8502bdf187ccf035c5b29a93e34cc01346a73.zip | |
open.2: describe O_RESOLVE_BENEATH errors correctly
The behavior is the same as in capability mode, it does not actually
return EINVAL for absolute lookups:
openat(AT_FDCWD,"/tmp/test",O_RDONLY|O_DIRECTORY,00) = 3 (0x3)
openat(3,"../../",O_RDONLY|0x800000,00) ERR#93 'Capabilities insufficient'
openat(3,"/etc/passwd",O_RDONLY|0x800000,00) ERR#93 'Capabilities insufficient'
Fixes: 1f305be43 ("Document {O,AT}_RESOLVE_BENEATH...")
Reviewed by: kib, pauamma (manpages), emaste
Sponsored by: https://www.patreon.com/valpackett
Pull Request: https://github.com/freebsd/freebsd-src/pull/680
Differential Revision: https://reviews.freebsd.org/D38675
| -rw-r--r-- | lib/libc/sys/open.2 | 39 |
1 files changed, 23 insertions, 16 deletions
diff --git a/lib/libc/sys/open.2 b/lib/libc/sys/open.2 index 876a4ce1e57d..574b6b136d39 100644 --- a/lib/libc/sys/open.2 +++ b/lib/libc/sys/open.2 @@ -28,7 +28,7 @@ .\" @(#)open.2 8.2 (Berkeley) 11/16/93 .\" $FreeBSD$ .\" -.Dd April 22, 2022 +.Dd March 2, 2023 .Dt OPEN 2 .Os .Sh NAME @@ -572,12 +572,6 @@ and .Dv O_EXEC or .Dv O_SEARCH . -.It Bq Er EINVAL -The -.Dv O_RESOLVE_BENEATH -flag is specified and -.Dv path -is absolute. .It Bq Er EBADF The .Fa path @@ -606,19 +600,32 @@ is specified and the process is in capability mode. was called and the process is in capability mode. .It Bq Er ENOTCAPABLE .Fa path -is an absolute path, -or contained a ".." component leading to a -directory outside of the directory hierarchy specified by -.Fa fd , +is an absolute path and the process is in capability mode. +.It Bq Er ENOTCAPABLE +.Fa path +is an absolute path and +.Dv O_RESOLVE_BENEATH +is specified. +.It Bq Er ENOTCAPABLE +.Fa path +contains a ".." component leading to a directory outside +of the directory hierarchy specified by +.Fa fd and the process is in capability mode. .It Bq Er ENOTCAPABLE -The +.Fa path +contains a ".." component leading to a directory outside +of the directory hierarchy specified by +.Fa fd +and .Dv O_RESOLVE_BENEATH -flag was provided, and the relative +is specified. +.It Bq Er ENOTCAPABLE .Fa path -escapes the -.Ar fd -directory. +contains a ".." component, the +.Dv vfs.lookup_cap_dotdot +.Xr sysctl 3 +is set, and the process is in capability mode. .El .Sh SEE ALSO .Xr chmod 2 , |