From nobody@FreeBSD.org  Wed Jan  1 06:12:09 2014
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id 430D32F5
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  1 Jan 2014 06:12:09 +0000 (UTC)
Received: from oldred.freebsd.org (oldred.freebsd.org [IPv6:2001:1900:2254:206a::50:4])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 14DD61AC9
	for <freebsd-gnats-submit@FreeBSD.org>; Wed,  1 Jan 2014 06:12:09 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id s016C8c0043407
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 1 Jan 2014 06:12:08 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id s016C8Kn043386;
	Wed, 1 Jan 2014 06:12:08 GMT
	(envelope-from nobody)
Message-Id: <201401010612.s016C8Kn043386@oldred.freebsd.org>
Date: Wed, 1 Jan 2014 06:12:08 GMT
From: Jan Beich <jbeich@tormail.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [libcapsicum] cap_init(3) doesn't work in multiuser environment
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         185384
>Category:       kern
>Synopsis:       [libcapsicum] cap_init(3) doesn't work in multiuser environment
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jan 01 06:20:00 UTC 2014
>Closed-Date:    Sun Feb 23 15:04:56 UTC 2014
>Last-Modified:  Sun Feb 23 15:04:56 UTC 2014
>Originator:     Jan Beich
>Release:        
>Organization:
>Environment:
>Description:
While r259581 enabled casperd(8) by default, the socket it creates is
owned by root and cannot be written to by anyone else. An existing
consumer that tries to contact it via cap_init(3) under non-root would
fail with a warning like

  tcpdump: WARNING: unable to contact casperd

However, the casperd(8) manpage hints that the -S and -P options can be
used to start the daemon with non-default paths. This doesn't seem to
work as expected because cap_init(3) hardcodes CASPER_SOCKPATH.

>How-To-Repeat:
$ ktrace ls >/dev/null
$ kdump -r >/dev/null
kdump: unable to contact casperd: Permission denied

$ sudo tcpdump -w foo -i my0
$ tcpdump -r foo >/dev/null
reading from file foo, link-type EN10MB (Ethernet)
tcpdump: WARNING: unable to contact casperd
^C

$ ps lwp $(pgrep casper)
UID PID PPID CPU PRI NI   VSZ  RSS MWCHAN STAT TT     TIME COMMAND
  0 851    1   0  20  0 22788 1988 select Is    -  0:00.00 /sbin/casperd
  0 850    1   0  20  0 22788 1984 select I    v0- 0:00.00 casperd: zygote (casperd)

>Fix:
A trivial workaround for use after login:

  # put into ~/.profile or /etc/profile: start a per-user casperd and
  # point the (patched) cap_init(3) at its socket via CASPER_SOCKPATH
  : ${CASPERD_DIR:=/tmp/casperd-$(id -u)}

  # note: the directory name is predictable, so another local user can
  # create it first; mkdir -p does not complain about an existing one
  mkdir -p -m 0700 "$CASPERD_DIR"
  casperd -P "$CASPERD_DIR/default.pid" -S "$CASPERD_DIR/default.socket"
  export CASPER_SOCKPATH="$CASPERD_DIR/default.socket"

--- getenv_sockpath.diff begins here ---
Index: lib/libcapsicum/libcapsicum.3
===================================================================
--- lib/libcapsicum/libcapsicum.3	(revision 260159)
+++ lib/libcapsicum/libcapsicum.3	(working copy)
@@ -218,6 +218,16 @@ The
 and
 .Fn cap_unwrap
 functions always succeed.
+.Sh ENVIRONMENT
+.Bl -tag -width ".Ev CASPER_SOCKPATH"
+.It Ev CASPER_SOCKPATH
+Specifies the path to
+.Xr unix 4
+domain socket used to communicate with the
+.Xr casperd 8
+daemon. If not set,
+.Pa /var/run/casper
+is used.
 .Sh EXAMPLES
 The following example first opens capability to the
 .Xr casperd 8
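Review bot: the `.Bl -tag` list opened for `.It Ev CASPER_SOCKPATH` is never closed; add `.El` after `is used.` and before `.Sh EXAMPLES`, otherwise mandoc reports an unclosed block and the list runs into the next section. Two smaller points in the same hunk: mdoc(7) wants each sentence to start on a new line, so move `If not set,` off the `daemon.` line, and if the C side ends up ignoring the variable for set-user-ID and set-group-ID processes, this is the place to say so.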
Index: lib/libcapsicum/libcapsicum.c
===================================================================
--- lib/libcapsicum/libcapsicum.c	(revision 260159)
+++ lib/libcapsicum/libcapsicum.c	(working copy)
@@ -76,7 +76,7 @@ cap_init(void)
 
 	bzero(&sun, sizeof(sun));
 	sun.sun_family = AF_UNIX;
-	strlcpy(sun.sun_path, CASPER_SOCKPATH, sizeof(sun.sun_path));
+	strlcpy(sun.sun_path, getenv("CASPER_SOCKPATH") ? : CASPER_SOCKPATH, sizeof(sun.sun_path));
 	sun.sun_len = SUN_LEN(&sun);
 
 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
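Review bot: the new line honours getenv("CASPER_SOCKPATH") unconditionally, so a user-controlled environment can redirect any set-user-ID or set-group-ID program linked against libcapsicum to a socket of the user's choosing; ignore the variable when issetugid(3) returns non-zero, as libc does for its own environment overrides. On the same line, `? :` with the middle operand omitted is a GCC extension rather than C, so fetch the value once into a local and write `p != NULL ? p : CASPER_SOCKPATH` (which also brings the line back under 80 columns), and an empty CASPER_SOCKPATH currently yields an empty sun_path, so treat "" as unset. Note too that a user-supplied path longer than sun_path is silently truncated by strlcpy rather than rejected.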
--- getenv_sockpath.diff ends here ---

Alternatively, casperd(8) can be run under a dedicated user/group
with only one instance.
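An added example, not the PR's patch and not FreeBSD's libcapsicum code, showing the shape cap_init(3) would need if it honoured an environment override safely: the override is ignored when the process is set-user-ID or set-group-ID, an empty value falls back to the default, a relative or over-long value is rejected, and a failed connect reports its errno so the "Permission denied" case from the report is distinguishable from a missing socket. Assumptions: the /var/run/casper default is copied from the manpage hunk above (the real CASPER_SOCKPATH constant is not on this page), listen_unix() is a stand-in listener rather than casperd, and the non-FreeBSD taint check is a hypothetical fallback for systems without issetugid(3).

```c
/* Added example, not FreeBSD's libcapsicum code: resolve the casperd socket
 * path with an environment override that is ignored in set-id processes,
 * then connect and report why it failed (EACCES is the PR's root-owned case). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#define DEFAULT_SOCKPATH "/var/run/casper"	/* assumed: from the manpage hunk */

#ifdef __FreeBSD__
#define process_is_tainted() issetugid()
#else
/* Hypothetical fallback where issetugid(3) is missing: plain set-id only. */
static int process_is_tainted(void) { return (getuid() != geteuid() || getgid() != getegid()); }
#endif

/* Pick the socket path.  `override` is the CASPER_SOCKPATH value (NULL when
 * unset) and wins only if non-empty and the process is not tainted; the result
 * must be absolute and fit `outsz`.  Returns 0, or -1 with errno set.  getenv()
 * is kept out of here so the logic can be exercised with fixed inputs. */
int
resolve_sockpath(const char *override, int tainted, char *out, size_t outsz)
{
	const char *src = DEFAULT_SOCKPATH;
	if (override != NULL && override[0] != '\0' && !tainted)
		src = override;
	if (src[0] != '/') {
		errno = EINVAL;		/* a relative sun_path would depend on cwd */
		return (-1);
	}
	if (snprintf(out, outsz, "%s", src) >= (int)outsz) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	return (0);
}

/* Create an AF_UNIX stream socket at `path` and either listen on it (stand-in
 * for casperd when `server` != 0) or connect to it as cap_init(3) does.
 * Returns the fd, or -1 with the failing call's errno preserved. */
static int
unix_stream(const char *path, int server)
{
	struct sockaddr_un sun;
	size_t len = strlen(path);
	int sock, saved, rv;
	if (len >= sizeof(sun.sun_path)) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	memset(&sun, 0, sizeof(sun));
	sun.sun_family = AF_UNIX;
	memcpy(sun.sun_path, path, len + 1);
	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
		return (-1);
	if (server) {
		(void)unlink(path);	/* stale socket from an earlier run */
		rv = bind(sock, (struct sockaddr *)&sun, sizeof(sun));
		if (rv == 0)
			rv = listen(sock, 1);
	} else
		rv = connect(sock, (struct sockaddr *)&sun, sizeof(sun));
	if (rv < 0) {
		saved = errno;
		close(sock);
		errno = saved;
		return (-1);
	}
	return (sock);
}

int casper_connect(const char *path) { return (unix_stream(path, 0)); }
int listen_unix(const char *path) { return (unix_stream(path, 1)); }

int
main(void)
{
	char path[sizeof(((struct sockaddr_un *)0)->sun_path)];
	int fd;
	if (resolve_sockpath(getenv("CASPER_SOCKPATH"), process_is_tainted(),
	    path, sizeof(path)) < 0) {
		perror("CASPER_SOCKPATH");
		return (1);
	}
	if ((fd = casper_connect(path)) < 0) {
		fprintf(stderr, "unable to contact casperd at %s: %s\n", path, strerror(errno));
		return (1);
	}
	printf("connected to casperd at %s\n", path);
	return (close(fd));
}
```

Run it as an unprivileged user against the stock root-owned socket and the message carries EACCES, which is the "Permission denied" seen in the kdump run above; run it with CASPER_SOCKPATH pointing at a listen_unix() socket of your own and it connects, while the same variable has no effect once the binary is set-user-ID.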


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: antoine 
State-Changed-When: Sun Feb 23 15:04:18 UTC 2014 
State-Changed-Why:  
Fixed in r260471 

http://www.freebsd.org/cgi/query-pr.cgi?pr=185384 
>Unformatted:
