DragonFlyBSD Kernel Audit
DF-0166

syscap_set INPARENT: uid/prison checked without p_token before capability mutation

Summary

The INPARENT path of sys_syscap_set (:164-178) checks the parent's uid/prison via pfind() without holding p_token; the token is acquired only at :177. This leaves a race: the parent can change uid/prison between the check and the mutation. Because the operation is a one-way ratchet (it only ORs in restriction bits), the impact is limited to privilege reduction, not escalation. PID recycling could cause the mutation to target an unrelated process.
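The check-then-lock ordering described above, next to the token-first ordering that closes the window, as an added userspace model that is not DragonFly source. `struct proc_model`, `token_held`, `concurrent_setuid()`, `same_cred()` and the two `set_inparent_*` functions are hypothetical names, and the racing uid change is injected deterministically through the `race_uid` parameter.

```c
/* Userspace model, not DragonFly source. All names are hypothetical stand-ins
 * for the kernel's proc, p_token and a racing credential change. */
#include <stdbool.h>
#include <stdio.h>

struct proc_model {
    int uid, prison;
    unsigned caps;      /* restriction bits, only ever ORed in */
    bool token_held;    /* models p_token being held */
};

/* Another thread changing the uid; it needs the token, so it cannot run while held. */
static bool concurrent_setuid(struct proc_model *p, int new_uid) {
    if (p->token_held) return false;   /* would block until release */
    p->uid = new_uid;
    return true;
}

static bool same_cred(const struct proc_model *c, const struct proc_model *p) {
    return c->uid == p->uid && c->prison == p->prison;
}

/* Order described in the finding: check, then take the token, then mutate.
 * race_uid >= 0 injects a constructed uid change into the window. */
static bool set_inparent_racy(struct proc_model *c, struct proc_model *par,
                              unsigned bits, int race_uid) {
    if (!same_cred(c, par)) return false;
    if (race_uid >= 0) concurrent_setuid(par, race_uid); /* token not held */
    par->token_held = true;
    par->caps |= bits;
    par->token_held = false;
    return true;
}

/* Token first: the check and the mutation form one critical section. */
static bool set_inparent_locked(struct proc_model *c, struct proc_model *par,
                                unsigned bits, int race_uid) {
    par->token_held = true;
    bool ok = same_cred(c, par);
    if (race_uid >= 0) concurrent_setuid(par, race_uid); /* refused: token held */
    if (ok) par->caps |= bits;
    par->token_held = false;
    return ok;
}

int main(void) {
    struct proc_model c = {1000, 0, 0, false}, a = c, b = c;
    set_inparent_racy(&c, &a, 0x4u, 0);
    set_inparent_locked(&c, &b, 0x4u, 0);
    printf("racy: uid=%d caps=%#x; locked: uid=%d caps=%#x\n", a.uid, a.caps, b.uid, b.caps);
    return 0;
}
```

In the racy ordering the restriction bit lands on a process whose uid no longer matches the caller; in the token-first ordering the uid change has to wait until after the mutation.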