On most other platforms observed, including OpenBSD, NetBSD, and Linux,
these system calls have long since been converted to only touching the
supplementary groups of the process. This poses both portability and
security concerns in porting software to and from FreeBSD, as this
subtle difference is a landmine waiting to happen. Bugs have been
discovered even in FreeBSD-local sources, since this behavior is
somewhat unintuitive (see, e.g., fix 48fd05999b for chroot(8)).
Now that the egid is tracked outside of cr_groups in our ucred, convert
the syscalls to deal with only supplementary groups. Some remaining
stragglers in base that had baked in assumptions about these syscalls
are fixed in the process to avoid heartburn in conversion.
For relnotes: application developers should audit their use of both
setgroups(2) and getgroups(2) for signs that they had assumed the
previous FreeBSD behavior of using the first element for the egid. Any
calls to setgroups() to clear groups that used a single array of the
now or soon-to-be egid can be converted to setgroups(0, NULL) calls to
clear the supplementary groups entirely on all FreeBSD versions.
Co-authored-by: olce (but bugs are likely mine)
Relnotes: yes (see last paragraph)
Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D51648
/*
 * It'd be nice to automatically generate the syscall symbols, but we
 * don't know which version they will eventually belong to, so for now
 * it has to be manual.
 */

/* Syscall symbols belonging to version node FBSD_1.0 (the oldest node in this file). */
FBSD_1.0 {
	__acl_aclcheck_fd;
	__acl_aclcheck_file;
	__acl_aclcheck_link;
	__acl_delete_fd;
	__acl_delete_file;
	__acl_delete_link;
	__acl_get_fd;
	__acl_get_file;
	__acl_get_link;
	__acl_set_fd;
	__acl_set_file;
	__acl_set_link;
	__getcwd;
	__mac_execve;
	__mac_get_fd;
	__mac_get_file;
	__mac_get_link;
	__mac_get_pid;
	__mac_get_proc;
	__mac_set_fd;
	__mac_set_file;
	__mac_set_link;
	__mac_set_proc;
	__setugid;
	__syscall;
	__sysctl;
	_exit;
	_umtx_op;
	abort2;
	access;
	acct;
	adjtime;
	aio_cancel;
	aio_error;
	aio_fsync;
	aio_read;
	aio_return;
	aio_waitcomplete;
	aio_write;
	audit;
	auditctl;
	auditon;
	bind;
	chdir;
	chflags;
	chmod;
	chown;
	chroot;
	clock_getres;
	clock_gettime;
	clock_settime;
	dup;
	dup2;
	eaccess;
	execve;
	extattr_delete_fd;
	extattr_delete_file;
	extattr_delete_link;
	extattr_get_fd;
	extattr_get_file;
	extattr_get_link;
	extattr_list_fd;
	extattr_list_file;
	extattr_list_link;
	extattr_set_fd;
	extattr_set_file;
	extattr_set_link;
	extattrctl;
	fchdir;
	fchflags;
	fchmod;
	fchown;
	fhopen;
	flock;
	fpathconf;
	futimes;
	getaudit;
	getaudit_addr;
	getauid;
	getcontext;
	getdtablesize;
	getegid;
	geteuid;
	getfh;
	getgid;
	getitimer;
	getpagesize;
	getpeername;
	getpgid;
	getpgrp;
	getpid;
	getppid;
	getpriority;
	getresgid;
	getresuid;
	getrlimit;
	getrusage;
	getsid;
	getsockname;
	getsockopt;
	gettimeofday;
	getuid;
	ioctl;
	issetugid;
	jail;
	jail_attach;
	kenv;
	kill;
	kldfind;
	kldfirstmod;
	kldload;
	kldnext;
	kldstat;
	kldsym;
	kldunload;
	kldunloadf;
	kqueue;
	kmq_notify;	/* Do we want these to be public interfaces? */
	kmq_open;	/* librt uses them to provide mq_xxx. */
	kmq_setattr;
	kmq_timedreceive;
	kmq_timedsend;
	kmq_unlink;
	ksem_close;
	ksem_destroy;
	ksem_getvalue;
	ksem_init;
	ksem_open;
	ksem_post;
	ksem_timedwait;
	ksem_trywait;
	ksem_unlink;
	ksem_wait;
	ktrace;
	lchflags;
	lchmod;
	lchown;
	lgetfh;
	link;
	lio_listio;
	listen;
	lutimes;
	mac_syscall;
	madvise;
	mincore;
	minherit;
	mkdir;
	mkfifo;
	mlock;
	mlockall;
	modfind;
	modfnext;
	modnext;
	modstat;
	mount;
	mprotect;
	msgget;
	msgrcv;
	msgsnd;
	msgsys;
	munlock;
	munlockall;
	munmap;
	nfssvc;
	nmount;
	ntp_adjtime;
	ntp_gettime;
	pathconf;
	posix_openpt;
	preadv;
	profil;
	pwritev;
	quotactl;
	readlink;
	reboot;
	rename;
	revoke;
	rfork;
	rmdir;
	rtprio;
	rtprio_thread;
	sched_get_priority_max;
	sched_get_priority_min;
	sched_getparam;
	sched_getscheduler;
	sched_rr_get_interval;
	sched_setparam;
	sched_setscheduler;
	sched_yield;
	semget;
	semop;
	semsys;
	sendfile;
	setaudit;
	setaudit_addr;
	setauid;
	setegid;
	seteuid;
	setgid;
	setitimer;
	setlogin;
	setpgid;
	setpriority;
	setregid;
	setresgid;
	setresuid;
	setreuid;
	setrlimit;
	setsid;
	setsockopt;
	settimeofday;
	setuid;
	shm_unlink;
	shmat;
	shmdt;
	shmget;
	shmsys;
	shutdown;
	sigaltstack;
	sigpending;
	sigqueue;
	sigreturn;
	socket;
	socketpair;
	swapon;
	symlink;
	sync;
	sysarch;
	syscall;
	thr_create;
	thr_exit;
	thr_kill;
	thr_kill2;
	thr_new;
	thr_self;
	thr_set_name;
	thr_suspend;
	thr_wake;
	ktimer_create;	/* Do we want these to be public interfaces? */
	ktimer_delete;	/* librt uses them to provide timer_xxx. */
	ktimer_getoverrun;
	ktimer_gettime;
	ktimer_settime;
	umask;
	undelete;
	unlink;
	unmount;
	utimes;
	utrace;
	uuidgen;
	vfork;

	/*
	 * NOTE(review): this trailing group is not in sort order with the
	 * list above — presumably appended later; confirm before re-sorting.
	 */
	__error;
	ftruncate;
	lseek;
	mmap;
	pread;
	pwrite;
	truncate;
};

/* Syscall symbols belonging to version node FBSD_1.1. */
FBSD_1.1 {
	__semctl;
	cpuset;
	cpuset_getid;
	cpuset_setid;
	cpuset_getaffinity;
	cpuset_setaffinity;
	faccessat;
	fchmodat;
	fchownat;
	fexecve;
	futimesat;
	jail_get;
	jail_set;
	jail_remove;
	linkat;
	lpathconf;
	mkdirat;
	mkfifoat;
	msgctl;
	readlinkat;
	renameat;
	setfib;
	shmctl;
	symlinkat;
	unlinkat;
};

/* Syscall symbols belonging to version node FBSD_1.2. */
FBSD_1.2 {
	cap_enter;
	cap_getmode;
	getloginclass;
	getpagesizes;
	pdgetpid;
	pdkill;
	posix_fallocate;
	rctl_get_racct;
	rctl_get_rules;
	rctl_get_limits;
	rctl_add_rule;
	rctl_remove_rule;
	setloginclass;
};

/* Syscall symbols belonging to version node FBSD_1.3. */
FBSD_1.3 {
	aio_mlock;
	bindat;
	cap_fcntls_get;
	cap_fcntls_limit;
	cap_ioctls_get;
	cap_ioctls_limit;
	__cap_rights_get;
	cap_rights_limit;
	chflagsat;
	clock_getcpuclockid2;
	connectat;
	ffclock_getcounter;
	ffclock_getestimate;
	ffclock_setestimate;
	pipe2;
	posix_fadvise;
	procctl;
};

/* Syscall symbols belonging to version node FBSD_1.4. */
FBSD_1.4 {
	futimens;
	utimensat;
};

/* Syscall symbols belonging to version node FBSD_1.5. */
FBSD_1.5 {
	elf_aux_info;
	fhstat;
	fhstatfs;
	fstat;
	fstatat;
	fstatfs;
	getdirentries;
	getfsstat;
	getrandom;
	mknodat;
	statfs;
	/* NOTE(review): the two cpuset_* entries below are out of sort order with the list above. */
	cpuset_getdomain;
	cpuset_setdomain;
};

/* Syscall symbols belonging to version node FBSD_1.6. */
FBSD_1.6 {
	__sysctlbyname;
	aio_readv;
	aio_writev;
	close_range;
	copy_file_range;
	fhlink;
	fhlinkat;
	fhreadlink;
	getfhat;
	funlinkat;
	shm_rename;
};

/* Syscall symbols belonging to version node FBSD_1.7. */
FBSD_1.7 {
	fspacectl;
	kqueuex;
	membarrier;
	sched_getcpu;
	swapoff;
	timerfd_create;
	timerfd_gettime;
	timerfd_settime;
};

/* Syscall symbols belonging to version node FBSD_1.8. */
FBSD_1.8 {
	exterrctl;
	fchroot;
	/*
	 * getgroups/setgroups are placed in this node because their semantics
	 * changed: both now deal only with the supplementary groups, and the
	 * egid is no longer carried as the first element of the groups array
	 * (see D51648). Consumers that relied on the old first-element
	 * behavior need to be audited, per the commit's release notes.
	 */
	getgroups;
	getrlimitusage;
	inotify_add_watch_at;
	inotify_rm_watch;
	kcmp;
	setcred;
	setgroups;	/* see the getgroups note above */
};

/* FBSDprivate_1.0: presumably internal-only symbols (the node name suggests private linkage) — confirm against the libc build. */
FBSDprivate_1.0 {
	/* Add entries in sort(1) order */
	__set_error_selector;
	__sigwait;
	nlm_syscall;
	rpctls_syscall;
};