Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-17 Thread Peter Wemm
On Tuesday, September 16, 2014 12:42:36 PM Mateusz Guzik wrote: On Fri, Sep 12, 2014 at 09:29:56PM -0700, Peter Wemm wrote: On Thursday, September 11, 2014 12:38:02 PM Patrick Kelsey wrote: On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov a...@freebsd.org wrote: On 09.09.2014 21:53,

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-16 Thread Mateusz Guzik
On Fri, Sep 12, 2014 at 09:29:56PM -0700, Peter Wemm wrote: On Thursday, September 11, 2014 12:38:02 PM Patrick Kelsey wrote: On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov a...@freebsd.org wrote: On 09.09.2014 21:53, Patrick Kelsey wrote: I don't think it is worth the trouble, as given

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-13 Thread Andrey Chernov
On 13.09.2014 8:29, Peter Wemm wrote: On Thursday, September 11, 2014 12:38:02 PM Patrick Kelsey wrote: On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov a...@freebsd.org wrote: On 09.09.2014 21:53, Patrick Kelsey wrote: I don't think it is worth the trouble, as given the larger pattern of libc

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-12 Thread Peter Wemm
On Thursday, September 11, 2014 12:38:02 PM Patrick Kelsey wrote: On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov a...@freebsd.org wrote: On 09.09.2014 21:53, Patrick Kelsey wrote: I don't think it is worth the trouble, as given the larger pattern of libc routines requiring multiple

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-11 Thread Patrick Kelsey
On Wed, Sep 10, 2014 at 3:00 AM, Andrey Chernov a...@freebsd.org wrote: On 09.09.2014 21:53, Patrick Kelsey wrote: I don't think it is worth the trouble, as given the larger pattern of libc routines requiring multiple capsicum rights, it seems one will in general have to have libc

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-10 Thread Andrey Chernov
On 09.09.2014 21:53, Patrick Kelsey wrote: I don't think it is worth the trouble, as given the larger pattern of libc routines requiring multiple capsicum rights, it seems one will in general have to have libc implementation knowledge when using it in concert with capsicum. For example,

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-09 Thread Patrick Kelsey
On Mon, Sep 8, 2014 at 6:00 PM, Andrey Chernov a...@freebsd.org wrote: On 09.09.2014 1:13, Patrick Kelsey wrote: You make a godo point about the wider use of fcntl() in libc - aside from the rpc code, by my count there are 14 other entry points in libc that use fcntl in their

_ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-08 Thread Patrick Kelsey
In r268997, _ftello() was modified to use _fcntl(F_GETFL) in the non-append, write-only path. Consequently, programs that use _ftello() (via ftell, fgetpos, fsetpos, fseek, rewind...) on non-append, write-only files and that use capsicum to restrict capabilities on the associated fds to

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-08 Thread Andrey Chernov
On 09.09.2014 0:28, Patrick Kelsey wrote: In r268997, _ftello() was modified to use _fcntl(F_GETFL) in the non-append, write-only path. Consequently, programs that use _ftello() (via ftell, fgetpos, fsetpos, fseek, rewind...) on non-append, write-only files and that use capsicum to restrict

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-08 Thread Patrick Kelsey
On Mon, Sep 8, 2014 at 4:42 PM, Andrey Chernov a...@freebsd.org wrote: On 09.09.2014 0:28, Patrick Kelsey wrote: In r268997, _ftello() was modified to use _fcntl(F_GETFL) in the non-append, write-only path. Consequently, programs that use _ftello() (via ftell, fgetpos, fsetpos, fseek,

Re: _ftello() modification requires additional capsicum rights, breaking tcpdump and dhclient

2014-09-08 Thread Andrey Chernov
On 09.09.2014 1:13, Patrick Kelsey wrote: You make a godo point about the wider use of fcntl() in libc - aside from the rpc code, by my count there are 14 other entry points in libc that use fcntl in their implementation. To experience breakage, programs that use those entry points would also