Re: ktrace/kdump give incorrect message on unlinkat() failure due to capabilities

2019-10-08 Thread Sergey Kandaurov
On Mon, Oct 07, 2019 at 09:48:16AM -0700, John Baldwin wrote:
> On 9/25/19 10:33 AM, Sergey Kandaurov wrote:
> > 
> > Index: lib/libsysdecode/mktables
> > ===
> > --- lib/libsysdecode/mktables   (revision 352685)
> > +++ lib/libsysdecode/mktables   (working copy)
> > @@ -157,7 +157,7 @@
> >  gen_table "sigcode" "SI_[A-Z]+[[:space:]]+0(x[0-9abcdef]+)?"   
> > "sys/signal.h"
> >  gen_table "umtxcvwaitflags" "CVWAIT_[A-Z_]+[[:space:]]+0x[0-9]+"   
> > "sys/umtx.h"
> >  gen_table "umtxrwlockflags" "URWLOCK_PREFER_READER[[:space:]]+0x[0-9]+"
> > "sys/umtx.h"
> > -gen_table "caprights"   
> > "CAP_[A-Z_]+[[:space:]]+CAPRIGHT\([0-9],[[:space:]]+0x[0-9]{16}ULL\)"   
> > "sys/capsicum.h"
> > +gen_table "caprights"   
> > "CAP_[A-Z_]+[[:space:]]+(CAPRIGHT|[()A-Z_|[:space:]]+CAP_LOOKUP)"   
> > "sys/capsicum.h"
> >  gen_table "sctpprpolicy""SCTP_PR_SCTP_[A-Z_]+[[:space:]]+0x[0-9]+" 
> > "netinet/sctp_uio.h" "SCTP_PR_SCTP_ALL"
> >  gen_table "cmsgtypesocket"  "SCM_[A-Z_]+[[:space:]]+0x[0-9]+"  
> > "sys/socket.h"
> >  if [ -e "${include_dir}/x86/sysarch.h" ]; then
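Review bot: the changed caprights line is the only gen_table pattern in this hunk that uses an alternation, and nothing in the hunk says why. A short comment above it would help, noting that sys/capsicum.h defines some rights as an OR of another right and a constant and that the second alternative exists for those. That would keep a later editor from tightening the pattern back to the CAPRIGHT-only form.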
> 
> CAP_SEEK and CAP_MMAP_X might also be subject to this.  However, I'm not quite
> understanding the regex, or at least why the modified portion of the regex isn't
> something like this:
> 
> (CAPRIGHT\(|\(CAP_LOOKUP)

This won't match against CAP_LOOKUP on the right side, as in CAP_FSTATAT,
but since it is built from CAP_FSTAT and CAP_LOOKUP, it should be fine still.

> That is, you currently have [()A-Z_|[:space:]]+ for an expression that I think
> will only ever match a single '(' character.

All this sad magic is for preceding characters before CAP_LOOKUP,
such as in "(CAP_FSTAT | CAP_LOOKUP".  But it seems it isn't needed.

> A more general form that might work for CAP_SEEK and CAP_MMAP_X might be
> to match on 'CAP_ | 0x 
> (CAPRIGHT\(|\([^)]*CAP_[A-Z_]+ \| 0x[0-9]+)

Given the above, it looks fine.
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
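
The patterns compared in this message (the pre-patch pattern, the posted patch, and the two forms suggested in review), run over sample definitions. This is an added example, not part of the original thread or of mktables. The header lines are constructed, and joining the suggested fragments to the unchanged prefix of the pattern is an assumption.

```shell
#!/bin/sh
# Constructed sample lines shaped like sys/capsicum.h definitions.
# The forms follow the thread; the numeric values are illustrative only.
sample_header() {
cat <<'EOF'
#define CAP_READ     CAPRIGHT(0, 0x0000000000000001ULL)
#define CAP_LOOKUP   CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_SEEK     (CAP_SEEK_TELL | 0x0000000000000008ULL)
#define CAP_FSTATAT  (CAP_FSTAT | CAP_LOOKUP)
#define CAP_UNLINKAT (CAP_LOOKUP | 0x0000000010000000ULL)
EOF
}

NAME='CAP_[A-Z_]+[[:space:]]+'
# Pattern before the patch, and the patched pattern, as posted.
OLD="${NAME}"'CAPRIGHT\([0-9],[[:space:]]+0x[0-9]{16}ULL\)'
PATCHED="${NAME}"'(CAPRIGHT|[()A-Z_|[:space:]]+CAP_LOOKUP)'
# The two replacements suggested in review for the modified portion,
# joined to the unchanged prefix (the joining is this example's assumption).
SHORT="${NAME}"'(CAPRIGHT\(|\(CAP_LOOKUP)'
GENERAL="${NAME}"'(CAPRIGHT\(|\([^)]*CAP_[A-Z_]+ \| 0x[0-9]+)'

# matched_names REGEX: names of the sample rights whose #define line matches.
matched_names() {
    sample_header | LC_ALL=C grep -E -- "$1" |
        awk '{ printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# missing_names REGEX: sample rights the pattern does not select.
missing_names() {
    for n in $(sample_header | awk '{ print $2 }'); do
        case " $(matched_names "$1") " in
            *" $n "*) ;;
            *) printf '%s ' "$n" ;;
        esac
    done | sed 's/ $//'
}

for p in OLD PATCHED SHORT GENERAL; do
    eval "re=\$$p"
    printf '%-8s matches: %s\n' "$p" "$(matched_names "$re")"
    printf '%-8s misses:  %s\n' "$p" "$(missing_names "$re")"
done
```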


Re: ktrace/kdump give incorrect message on unlinkat() failure due to capabilities

2019-10-07 Thread John Baldwin
On 9/25/19 10:33 AM, Sergey Kandaurov wrote:
> On Sat, Sep 21, 2019 at 08:43:58PM -0400, Ryan Stone wrote:
>> I have written a short test program that runs unlinkat(2) in
>> capability mode and fails due to not having the write capabilities:
>>
>> https://people.freebsd.org/~rstone/src/unlink.c
>>
>> If I run the binary under ktrace and look at the kdump output, it
>> gives the following incorrect output:
>>
>> 43775 unlink   CALL  unlinkat(0x3,0x7fffe995,0)
>> 43775 unlink   NAMI  "from.QAUlAA0"
>> 43775 unlink   CAP   operation requires CAP_LOOKUP, descriptor holds CAP_LOOKUP
>> 43775 unlink   RET   unlinkat -1 errno 93 Capabilities insufficient
>>
>> The message should instead say that the operation requires
>> CAP_UNLINKAT.  Looking at sys/capsicum.h, I suspect that the problem
>> is related to the strange definition of CAP_UNLINKAT:
>>
>> #define CAP_UNLINKAT (CAP_LOOKUP | 0x1000ULL)
> 
> FYI, with this grep it was able to decode capabilities.
> 
> Index: lib/libsysdecode/mktables
> ===
> --- lib/libsysdecode/mktables (revision 352685)
> +++ lib/libsysdecode/mktables (working copy)
> @@ -157,7 +157,7 @@
>  gen_table "sigcode" "SI_[A-Z]+[[:space:]]+0(x[0-9abcdef]+)?"   
> "sys/signal.h"
>  gen_table "umtxcvwaitflags" "CVWAIT_[A-Z_]+[[:space:]]+0x[0-9]+"   
> "sys/umtx.h"
>  gen_table "umtxrwlockflags" "URWLOCK_PREFER_READER[[:space:]]+0x[0-9]+"
> "sys/umtx.h"
> -gen_table "caprights"   
> "CAP_[A-Z_]+[[:space:]]+CAPRIGHT\([0-9],[[:space:]]+0x[0-9]{16}ULL\)"   
> "sys/capsicum.h"
> +gen_table "caprights"   
> "CAP_[A-Z_]+[[:space:]]+(CAPRIGHT|[()A-Z_|[:space:]]+CAP_LOOKUP)"   
> "sys/capsicum.h"
>  gen_table "sctpprpolicy""SCTP_PR_SCTP_[A-Z_]+[[:space:]]+0x[0-9]+" 
> "netinet/sctp_uio.h" "SCTP_PR_SCTP_ALL"
>  gen_table "cmsgtypesocket"  "SCM_[A-Z_]+[[:space:]]+0x[0-9]+"  
> "sys/socket.h"
>  if [ -e "${include_dir}/x86/sysarch.h" ]; then
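Review bot: the second alternative in the + line names CAP_LOOKUP literally, so it only selects rights whose definition contains CAP_LOOKUP, and a composite right built on any other right would still not match. The bracket expression [()A-Z_|[:space:]]+ in front of it also accepts any run of parentheses, capitals, underscores, bars and blanks, which is looser than the (CAP_LOOKUP | 0x1000ULL) shape quoted above requires. Consider matching an opening parenthesis followed by a CAP_[A-Z_]+ name rather than hard-coding one right.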

CAP_SEEK and CAP_MMAP_X might also be subject to this.  However, I'm not quite
understanding the regex, or at least why the modified portion of the regex isn't
something like this:

(CAPRIGHT\(|\(CAP_LOOKUP)

That is, you currently have [()A-Z_|[:space:]]+ for an expression that I think
will only ever match a single '(' character.

A more general form that might work for CAP_SEEK and CAP_MMAP_X might be
to match on 'CAP_ | 0x


Re: ktrace/kdump give incorrect message on unlinkat() failure due to capabilities

2019-09-25 Thread Sergey Kandaurov
On Sat, Sep 21, 2019 at 08:43:58PM -0400, Ryan Stone wrote:
> I have written a short test program that runs unlinkat(2) in
> capability mode and fails due to not having the write capabilities:
> 
> https://people.freebsd.org/~rstone/src/unlink.c
> 
> If I run the binary under ktrace and look at the kdump output, it
> gives the following incorrect output:
> 
> 43775 unlink   CALL  unlinkat(0x3,0x7fffe995,0)
> 43775 unlink   NAMI  "from.QAUlAA0"
> 43775 unlink   CAP   operation requires CAP_LOOKUP, descriptor holds CAP_LOOKUP
> 43775 unlink   RET   unlinkat -1 errno 93 Capabilities insufficient
> 
> The message should instead say that the operation requires
> CAP_UNLINKAT.  Looking at sys/capsicum.h, I suspect that the problem
> is related to the strange definition of CAP_UNLINKAT:
> 
> #define CAP_UNLINKAT (CAP_LOOKUP | 0x1000ULL)

FYI, with this grep it was able to decode capabilities.

Index: lib/libsysdecode/mktables
===
--- lib/libsysdecode/mktables   (revision 352685)
+++ lib/libsysdecode/mktables   (working copy)
@@ -157,7 +157,7 @@
 gen_table "sigcode" "SI_[A-Z]+[[:space:]]+0(x[0-9abcdef]+)?"   
"sys/signal.h"
 gen_table "umtxcvwaitflags" "CVWAIT_[A-Z_]+[[:space:]]+0x[0-9]+"   
"sys/umtx.h"
 gen_table "umtxrwlockflags" "URWLOCK_PREFER_READER[[:space:]]+0x[0-9]+"
"sys/umtx.h"
-gen_table "caprights"   
"CAP_[A-Z_]+[[:space:]]+CAPRIGHT\([0-9],[[:space:]]+0x[0-9]{16}ULL\)"   
"sys/capsicum.h"
+gen_table "caprights"   
"CAP_[A-Z_]+[[:space:]]+(CAPRIGHT|[()A-Z_|[:space:]]+CAP_LOOKUP)"   
"sys/capsicum.h"
 gen_table "sctpprpolicy""SCTP_PR_SCTP_[A-Z_]+[[:space:]]+0x[0-9]+" 
"netinet/sctp_uio.h" "SCTP_PR_SCTP_ALL"
 gen_table "cmsgtypesocket"  "SCM_[A-Z_]+[[:space:]]+0x[0-9]+"  
"sys/socket.h"
 if [ -e "${include_dir}/x86/sysarch.h" ]; then
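Review bot: in the + line the first alternative is now the bare word CAPRIGHT, so the check the old pattern made on the argument list, \([0-9],[[:space:]]+0x[0-9]{16}ULL\), is gone and any CAP_ name followed by text starting with CAPRIGHT is accepted. Keep the full CAPRIGHT\(...\) form as the first alternative and add the composite form as the second, so that the simple rights are matched as strictly as before.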

On unlink.c, it gives:
 45494 unlink   CALL  cap_rights_limit(0x3,0x7fffead0)
 45494 unlink   STRU  cap_rights_t CAP_LOOKUP
 45494 unlink   RET   cap_rights_limit 0
 45494 unlink   CALL  openat(AT_FDCWD,0x200323,0)
 45494 unlink   NAMI  "/tmp"
 45494 unlink   RET   openat 4
 45494 unlink   CALL  cap_rights_limit(0x4,0x7fffead0)
 45494 unlink   STRU  cap_rights_t CAP_LOOKUP,CAP_UNLINKAT
 45494 unlink   RET   cap_rights_limit 0
 45494 unlink   CALL  cap_enter
 45494 unlink   RET   cap_enter 0
 45494 unlink   CALL  unlinkat(0x3,0x7fffeaa5,0)
 45494 unlink   NAMI  "from.YG6jQx2"
 45494 unlink   CAP   operation requires CAP_LOOKUP,CAP_UNLINKAT, descriptor holds CAP_LOOKUP

> I have observed the same problem with renameat(2) and
> CAP_RENAMEAT_SOURCE and CAP_RENAMEAT_TARGET:
> 
> https://people.freebsd.org/~rstone/src/rename.c

 49410 rename   CAP   operation requires CAP_LOOKUP,CAP_RENAMEAT_SOURCE, descriptor holds CAP_LOOKUP


ktrace/kdump give incorrect message on unlinkat() failure due to capabilities

2019-09-21 Thread Ryan Stone
I have written a short test program that runs unlinkat(2) in
capability mode and fails due to not having the write capabilities:

https://people.freebsd.org/~rstone/src/unlink.c

If I run the binary under ktrace and look at the kdump output, it
gives the following incorrect output:

43775 unlink   CALL  unlinkat(0x3,0x7fffe995,0)
43775 unlink   NAMI  "from.QAUlAA0"
43775 unlink   CAP   operation requires CAP_LOOKUP, descriptor holds CAP_LOOKUP
43775 unlink   RET   unlinkat -1 errno 93 Capabilities insufficient

The message should instead say that the operation requires
CAP_UNLINKAT.  Looking at sys/capsicum.h, I suspect that the problem
is related to the strange definition of CAP_UNLINKAT:

#define CAP_UNLINKAT (CAP_LOOKUP | 0x1000ULL)

I have observed the same problem with renameat(2) and
CAP_RENAMEAT_SOURCE and CAP_RENAMEAT_TARGET:

https://people.freebsd.org/~rstone/src/rename.c