FreeBSD porting questions

Hello. I’m trying to port Collabora Online to the FreeBSD OS. The first problem I met is the following Linux-specific code:

Is my understanding correct that this code checks that the current process has the rights to call “chroot”, “mknod” and change file permissions?

Sure - that’s rather important for our subsequent fork / etc. If FreeBSD doesn’t have capabilities then just having a root process for the forkit would be sufficient.

FreeBSD does have a capabilities framework, I'm just wondering under what circumstances the process may not have these capabilities? These are pretty common even for an unprivileged user.

On Linux, the ability to chroot is a security capability, as is creating device nodes, as is changing the ownership of those device nodes, for quite obvious reasons I hope :wink: creating a new /dev/sda and changing ownership to yourself might allow low-level un-controlled disk access (I speculate).

All right, according to man chroot, this function can be called only by root on FreeBSD. So I’ll make the code check for uid there.

I have another question, which I already asked on IRC, reposting here:

What’s the point in calling getsockopt on the listening socket at online/Socket.cpp at master · CollaboraOnline/online · GitHub?

I presume the process first creates the socket and then forks under a non-privileged user, and this check is to make sure that we are in the forked one? Why not just look at getppid() in this case?

The intention clearly is to check the creds of the accepted child, and not the listening socket =) we could do something via the pid cred, and walk up to the parents - but forkits can die and/or get re-started so - prefer to keep this approach. Will poke the accepted child instead though - good catch =) thanks!
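
The check discussed in the last two posts, querying the credentials of the accepted connection rather than the listening socket, as an added example that is not part of the thread and is not Collabora Online code. It assumes an AF_UNIX socket and that the getsockopt call in question is a peer-credential lookup (`SO_PEERCRED` on Linux), and it goes slightly beyond the thread by using `getpeereid()` as the FreeBSD counterpart; `peerCreds`, `acceptFromUid` and `selfCheck` are hypothetical names.

```cpp
// Added example, hypothetical names: check the peer uid of an accepted AF_UNIX socket.
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>

// Peer's effective uid/gid for a *connected* AF_UNIX socket.
static bool peerCreds(int fd, uid_t& uid, gid_t& gid)
{
#if defined(__linux__)
    struct ucred c;
    socklen_t len = sizeof(c);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &c, &len) != 0 || len != sizeof(c))
        return false;
    uid = c.uid; gid = c.gid;
    return true;
#else   // FreeBSD and other BSDs
    return getpeereid(fd, &uid, &gid) == 0;
#endif
}

// Accept one connection and keep it only if the peer runs as expectedUid.
// Returns the connected fd, or -1 if accept failed or the peer was rejected.
static int acceptFromUid(int listenFd, uid_t expectedUid)
{
    int fd = accept(listenFd, nullptr, nullptr);
    if (fd < 0) return -1;
    uid_t uid = 0; gid_t gid = 0;
    if (!peerCreds(fd, uid, gid) || uid != expectedUid) { close(fd); return -1; }
    return fd;
}

// Constructed self-check: listen in a private temp dir, connect to ourselves,
// then run the credential check on the accepted socket.
static bool selfCheck(uid_t expectedUid)
{
    char dir[] = "/tmp/peercredXXXXXX";
    if (!mkdtemp(dir)) return false;
    sockaddr_un addr{};
    addr.sun_family = AF_UNIX;
    std::snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/sock", dir);
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0), cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    bool ok = lfd >= 0 && cfd >= 0 && bind(lfd, (sockaddr*)&addr, sizeof(addr)) == 0
        && listen(lfd, 1) == 0 && connect(cfd, (sockaddr*)&addr, sizeof(addr)) == 0;
    int afd = ok ? acceptFromUid(lfd, expectedUid) : -1;
    if (afd >= 0) close(afd);
    close(cfd); close(lfd); unlink(addr.sun_path); rmdir(dir);
    return afd >= 0;
}
```

Because the credentials are read from each accepted connection, the check does not depend on which forkit is currently the parent.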