Re: svn commit: r346263 - head/contrib/tcpdump
On Tue, 16 Apr 2019 at 11:38, Conrad Meyer wrote: > > I don't think documenting that makes much sense in general. It would > be extremely burdensome to fully document and quickly become > desynchronized from the code. It's comparable to OpenBSD pledging > differently in different paths of programs. It's probably worth having tcpdump emit a warning if it's not able to enter capability mode as a result of the options in use, if someone's interested in proposing a patch. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r346263 - head/contrib/tcpdump
On Tue, Apr 16, 2019 at 6:20 AM Shawn Webb wrote: > Is there any documentation anywhere telling users that Capsicum > support will be disabled under certain circumstances? Hi Shawn, I don't think documenting that makes much sense in general. It would be extremely burdensome to fully document and quickly become desynchronized from the code. It's comparable to OpenBSD pledging differently in different paths of programs. To me, "for now," suggests that this is perhaps a temporary workaround and maybe we can do something better in the future. Take care, Conrad P.S., When do you plan to update your Easy Feature Comparison page to reflect that FreeBSD has the same procfs and "boot hardening" as HBSD? ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r346263 - head/contrib/tcpdump
On Tue, Apr 16, 2019 at 04:12:42AM +, Mariusz Zaborski wrote: > Author: oshogbo > Date: Tue Apr 16 04:12:41 2019 > New Revision: 346263 > URL: https://svnweb.freebsd.org/changeset/base/346263 > > Log: > tcpdump: disable Capsicum if -E option is provided. > > The -E is used to provide a secret for decrypting IPsec. > The secret may be provided through command line or as the file. > The problem is that tcpdump doesn't support yet opening files in capability > mode > and the file may contain a list of the files to open. > > As a workaround, for now, let's just disable capsicum if the -E > the option is provided. > > PR: 236819 > MFC after: 2 weeks > > Modified: > head/contrib/tcpdump/tcpdump.c > > Modified: head/contrib/tcpdump/tcpdump.c > == > --- head/contrib/tcpdump/tcpdump.cTue Apr 16 02:48:04 2019 > (r346262) > +++ head/contrib/tcpdump/tcpdump.cTue Apr 16 04:12:41 2019 > (r346263) > @@ -2063,7 +2063,8 @@ main(int argc, char **argv) > } > > #ifdef HAVE_CAPSICUM > - cansandbox = (VFileName == NULL && zflag == NULL); > + cansandbox = (VFileName == NULL && zflag == NULL && > + ndo->ndo_espsecret == NULL); > #ifdef HAVE_CASPER > cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); > #else Is there any documentation anywhere telling users that Capsicum support will be disabled under certain circumstances? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 signature.asc Description: PGP signature
svn commit: r346263 - head/contrib/tcpdump
Author: oshogbo Date: Tue Apr 16 04:12:41 2019 New Revision: 346263 URL: https://svnweb.freebsd.org/changeset/base/346263 Log: tcpdump: disable Capsicum if -E option is provided. The -E is used to provide a secret for decrypting IPsec. The secret may be provided through command line or as the file. The problem is that tcpdump doesn't support yet opening files in capability mode and the file may contain a list of the files to open. As a workaround, for now, let's just disable capsicum if the -E the option is provided. PR: 236819 MFC after:2 weeks Modified: head/contrib/tcpdump/tcpdump.c Modified: head/contrib/tcpdump/tcpdump.c == --- head/contrib/tcpdump/tcpdump.c Tue Apr 16 02:48:04 2019 (r346262) +++ head/contrib/tcpdump/tcpdump.c Tue Apr 16 04:12:41 2019 (r346263) @@ -2063,7 +2063,8 @@ main(int argc, char **argv) } #ifdef HAVE_CAPSICUM - cansandbox = (VFileName == NULL && zflag == NULL); + cansandbox = (VFileName == NULL && zflag == NULL && + ndo->ndo_espsecret == NULL); #ifdef HAVE_CASPER cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); #else ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r346263 - head/contrib/tcpdump
On Tue, 16 Apr 2019 at 11:38, Conrad Meyer wrote: > > I don't think documenting that makes much sense in general. It would > be extremely burdensome to fully document and quickly become > desynchronized from the code. It's comparable to OpenBSD pledging > differently in different paths of programs. It's probably worth having tcpdump emit a warning if it's not able to enter capability mode as a result of the options in use, if someone's interested in proposing a patch. ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r346263 - head/contrib/tcpdump
On Tue, Apr 16, 2019 at 6:20 AM Shawn Webb wrote: > Is there any documentation anywhere telling users that Capsicum > support will be disabled under certain circumstances? Hi Shawn, I don't think documenting that makes much sense in general. It would be extremely burdensome to fully document and quickly become desynchronized from the code. It's comparable to OpenBSD pledging differently in different paths of programs. To me, "for now," suggests that this is perhaps a temporary workaround and maybe we can do something better in the future. Take care, Conrad P.S., When do you plan to update your Easy Feature Comparison page to reflect that FreeBSD has the same procfs and "boot hardening" as HBSD? ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r346263 - head/contrib/tcpdump
On Tue, Apr 16, 2019 at 04:12:42AM +, Mariusz Zaborski wrote: > Author: oshogbo > Date: Tue Apr 16 04:12:41 2019 > New Revision: 346263 > URL: https://svnweb.freebsd.org/changeset/base/346263 > > Log: > tcpdump: disable Capsicum if -E option is provided. > > The -E is used to provide a secret for decrypting IPsec. > The secret may be provided through command line or as the file. > The problem is that tcpdump doesn't support yet opening files in capability > mode > and the file may contain a list of the files to open. > > As a workaround, for now, let's just disable capsicum if the -E > the option is provided. > > PR: 236819 > MFC after: 2 weeks > > Modified: > head/contrib/tcpdump/tcpdump.c > > Modified: head/contrib/tcpdump/tcpdump.c > == > --- head/contrib/tcpdump/tcpdump.cTue Apr 16 02:48:04 2019 > (r346262) > +++ head/contrib/tcpdump/tcpdump.cTue Apr 16 04:12:41 2019 > (r346263) > @@ -2063,7 +2063,8 @@ main(int argc, char **argv) > } > > #ifdef HAVE_CAPSICUM > - cansandbox = (VFileName == NULL && zflag == NULL); > + cansandbox = (VFileName == NULL && zflag == NULL && > + ndo->ndo_espsecret == NULL); > #ifdef HAVE_CASPER > cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); > #else Is there any documentation anywhere telling users that Capsicum support will be disabled under certain circumstances? Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 signature.asc Description: PGP signature
svn commit: r346263 - head/contrib/tcpdump
Author: oshogbo Date: Tue Apr 16 04:12:41 2019 New Revision: 346263 URL: https://svnweb.freebsd.org/changeset/base/346263 Log: tcpdump: disable Capsicum if -E option is provided. The -E is used to provide a secret for decrypting IPsec. The secret may be provided through command line or as the file. The problem is that tcpdump doesn't support yet opening files in capability mode and the file may contain a list of the files to open. As a workaround, for now, let's just disable capsicum if the -E the option is provided. PR: 236819 MFC after:2 weeks Modified: head/contrib/tcpdump/tcpdump.c Modified: head/contrib/tcpdump/tcpdump.c == --- head/contrib/tcpdump/tcpdump.c Tue Apr 16 02:48:04 2019 (r346262) +++ head/contrib/tcpdump/tcpdump.c Tue Apr 16 04:12:41 2019 (r346263) @@ -2063,7 +2063,8 @@ main(int argc, char **argv) } #ifdef HAVE_CAPSICUM - cansandbox = (VFileName == NULL && zflag == NULL); + cansandbox = (VFileName == NULL && zflag == NULL && + ndo->ndo_espsecret == NULL); #ifdef HAVE_CASPER cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); #else ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"