From: "J. Bruce Fields" <bfields@fieldses.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org,
Igor Zhbanov <izh1979@gmail.com>, Serge Hallyn <serue@us.ibm.com>,
"J. Bruce Fields" <bfields@citi.umich.edu>,
stable@kernel.org
Subject: [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root
Date: Wed, 18 Mar 2009 12:21:32 -0400
Message-ID: <1237393292-14934-3-git-send-email-bfields@fieldses.org>
In-Reply-To: <1237393292-14934-2-git-send-email-bfields@fieldses.org>

From: J. Bruce Fields <bfields@citi.umich.edu>

Since creating a device node is normally an operation requiring special
privilege, Igor Zhbanov points out that it is surprising (to say the
least) that a client can, for example, create a device node on a
filesystem exported with root_squash.

So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd
thread handles a request from a non-root user.

Reported-by: Igor Zhbanov <izh1979@gmail.com>
Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
---
include/linux/capability.h | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/linux/capability.h b/include/linux/capability.h
index 1b98725..4864a43 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -393,8 +393,10 @@ struct cpu_vfs_cap_data {
# define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }})
# define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
# define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } })
-# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \
- CAP_FS_MASK_B1 } })
+# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \
+ | CAP_TO_MASK(CAP_SYS_RESOURCE) \
+ | CAP_TO_MASK(CAP_MKNOD), \
+ CAP_FS_MASK_B1 } })
#endif /* _KERNEL_CAPABILITY_U32S != 2 */
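Review bot: CAP_MKNOD is added only to CAP_NFSD_SET here, while CAP_FS_SET on the unchanged line just above is still built from CAP_FS_MASK_B0 and CAP_FS_MASK_B1 alone, so the two sets now differ by two hand-added bits instead of one. If device-node creation is meant to be treated as a filesystem privilege, as the commit message argues, consider adding CAP_TO_MASK(CAP_MKNOD) to CAP_FS_MASK_B0 instead (its definition is outside this hunk), which would leave CAP_NFSD_SET as the FS mask plus CAP_SYS_RESOURCE and keep both sets in step. Either way, a short comment above CAP_NFSD_SET stating that it is the set nfsd drops when handling a request from a non-root user would document why the extra bits are there.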
--
1.6.0.4