Use Capsicum within unftp-sbe-fs, on FreeBSD.

After authenticating a connection, limit the process's rights to mitigate any potential attacks.
bolcom · Mar 18, 2024 · 5cce425 · 5cce425
1 parent c1b208c
commit 5cce425
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 3 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -71,8 +71,8 @@ tokio = { version = "1.36.0", features = ["macros", "rt-multi-thread"] }
 unftp-sbe-fs = { path = "../libunftp/crates/unftp-sbe-fs"}
 
 [patch.crates-io]
-capsicum = { git = "https://github.com/asomers/capsicum-rs", rev = "24330ee"}
-casper-sys = { git = "https://github.com/asomers/capsicum-rs", rev = "24330ee"}
+capsicum = { git = "https://github.com/asomers/capsicum-rs", rev = "2feefa0"}
+casper-sys = { git = "https://github.com/asomers/capsicum-rs", rev = "2feefa0"}
 
 [lints]
-workspace=true
+workspace=true
diff --git a/crates/unftp-sbe-fs/Cargo.toml b/crates/unftp-sbe-fs/Cargo.toml
@@ -47,6 +47,9 @@ tokio = { version = "1.36.0", features = ["macros", "rt-multi-thread"] }
 tracing-subscriber = "0.3.18"
 getrandom = "0.2.12"
 
+[target.'cfg(target_os = "freebsd")'.dependencies]
+capsicum = { version = "0.3.0", features = [] }
+
 [target.'cfg(target_os = "freebsd")'.dev-dependencies]
 capsicum = { version = "0.3.0", features = ["casper"] }
 capsicum-net = { version = "0.1.0", features = ["tokio"], git = "https://github.com/asomers/capsicum-net", rev = "c6fc574" }

diff --git a/crates/unftp-sbe-fs/src/lib.rs b/crates/unftp-sbe-fs/src/lib.rs
@@ -100,6 +100,28 @@ impl<User: UserDetail> StorageBackend<User> for Filesystem {
             };
             self.root_fd = Arc::new(self.root_fd.open_dir(relpath)?);
         }
+        cfg_if! {
+            if #[cfg(target_os = "freebsd")] {
+                use capsicum::CapRights;
+
+                let mut rights = capsicum::RightsBuilder::new();
+                rights.allow(capsicum::Right::Fcntl);
+                rights.allow(capsicum::Right::Fstatat);
+                rights.allow(capsicum::Right::Lookup);
+                rights.allow(capsicum::Right::Read);
+                rights.allow(capsicum::Right::Seek);
+                if !user_detail.read_only() {
+                    rights.allow(capsicum::Right::Create);
+                    rights.allow(capsicum::Right::Ftruncate);
+                    rights.allow(capsicum::Right::Mkdirat);
+                    rights.allow(capsicum::Right::RenameatSource);
+                    rights.allow(capsicum::Right::RenameatTarget);
+                    rights.allow(capsicum::Right::Unlinkat);
+                    rights.allow(capsicum::Right::Write);
+                }
+                rights.finalize().limit(&self.root_fd)?;
+            }
+        }
         Ok(())
     }