Re: [capsicum] Sockets

On Wed, Jul 03, 2013 at 07:39:31AM -0700, Hans Stimer wrote:
> I have a few questions about constraining the use of sockets:
> * Do socket capabilities only apply to an already created socket?

Yes, you first need to create socket and then you can limit its
capability rights.

> * How do you constrain the use of new sockets created by an untrusted application? i.e. which port it binds to, whether it can connect or accept, what addresses it can it connect to, what protocols a socket can be created with, etc.

If the untrusted process is running in capability mode then system calls
that use global namespaces are not allowed, this includes bind(2) and
connect(2), but not accept(2). If such process wants to connect, another
(privileged) process has to delegate capability to the untrusted
process, ie. by sending connected or bound socket over UNIX domain

> * Can you block an untrusted application from making it's own sockets?

Creating sockets is always allowed (at least for some types - you
cannot create raw socket, for example), but what you do with the socket
might not be permitted - connecting and binding is not.

> I suppose if Capsicum can't help, I could look into using one of the firewalls. Any suggestions gratefully accepted.

Hope that helps.

Pawel Jakub Dawidek             
FreeBSD committer               
Am I Evil? Yes, I Am!           

Attachment: pgp2XAuIsFQbf.pgp
Description: PGP signature

This archive was generated by a fusion of Pipermail (Mailman edition) and MHonArc.