DragonFlyBSD Kernel Audit
DF-0167

syscap_get INPARENT: no same-uid/same-prison authorization: info leak of capability config

Summary

The INPARENT path of sys_syscap_get (:95-108) performs no uid or prison comparison, unlike syscap_set. It reads the cr_caps restriction bitmask of whatever process currently owns p_ppid, as looked up via pfind(). If the parent's PID has been recycled, this discloses the capability configuration of an unrelated process. The behaviour is asymmetric with the set path, which checks uid/prison.
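The asymmetry described in the summary, as an added user-space model (not DragonFly kernel code and not part of the audit entry). All struct and function names, the constructed process table, the exact form of the uid/prison comparison and the EPERM return value are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model. Every name below is hypothetical, not DragonFly source. */
struct model_cred { unsigned uid; int prison; uint64_t caps; };
struct model_proc { int pid, ppid; struct model_cred cred; };

/* Constructed table: pid 100 was recycled by an unrelated uid-0 process,
 * while pid 200 still records 100 as its parent. */
static struct model_proc table[] = {
    { 100,   1, {    0, 0, 0x00ff } }, /* unrelated owner of recycled pid */
    { 200, 100, { 1001, 0, 0x0003 } }, /* caller with stale ppid */
    { 300,   1, { 1001, 0, 0x0030 } }, /* genuine same-uid parent */
    { 301, 300, { 1001, 0, 0x0003 } }, /* caller with live parent */
};

static struct model_proc *model_pfind(int pid)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].pid == pid)
            return &table[i];
    return NULL;
}

/* enforce == 0: read caps of whoever currently owns ppid (as in the finding).
 * enforce != 0: also require same uid and prison (assumed form of the check). */
int get_inparent(const struct model_proc *caller, int enforce, uint64_t *out)
{
    struct model_proc *pp = model_pfind(caller->ppid);
    if (pp == NULL)
        return ESRCH;
    if (enforce && (pp->cred.uid != caller->cred.uid ||
                    pp->cred.prison != caller->cred.prison))
        return EPERM;
    *out = pp->cred.caps;
    return 0;
}

int main(void)
{
    uint64_t v = 0;
    int rc = get_inparent(model_pfind(200), 0, &v);
    printf("unchecked: rc=%d caps=%#llx\n", rc, (unsigned long long)v);
    rc = get_inparent(model_pfind(200), 1, &v);
    printf("checked:   rc=%d\n", rc);
    return 0;
}
```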