看板FB_security
标 题Capsicum and sendto(2)
发信站NCTU CS FreeBSD Server (Wed Jan 22 06:45:11 2014)
转信站ptt!csnews.cs.nctu!news.cednctu!FreeBSD.cs.nctu!.POSTED!freebsd.org!ow
Hi,
What is the intended behavior of sendto() with non-NULL destination
when the capability mode is enabled?
If the capability mode is *not* enabled, it is checked against
CAP_CONNECT in kern_sendit() @ uipc_syscall.c.
This matches the explanation in the rights(4) manual page.
However, if the capability mode is enabled, it is always
rejected in sendit(). Is this intended?
Best regards,
Ken
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "
[email protected]"