From: "Serge E. Hallyn" <serue@us.ibm.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org,
	Igor Zhbanov <izh1979@gmail.com>,
	"J. Bruce Fields" <bfields@citi.umich.edu>,
	stable@kernel.org
Subject: Re: [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root
Date: Wed, 18 Mar 2009 12:08:43 -0500
Message-ID: <20090318170843.GA29045@us.ibm.com>
In-Reply-To: <1237393292-14934-3-git-send-email-bfields@fieldses.org>

Quoting J. Bruce Fields (bfields@fieldses.org):
> From: J. Bruce Fields <bfields@citi.umich.edu>
> 
> Since creating a device node is normally an operation requiring special
> privilege, Igor Zhbanov points out that it is surprising (to say the
> least) that a client can, for example, create a device node on a
> filesystem exported with root_squash.
> 
> So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd
> thread handles a request from a non-root user.
> 
> Reported-by: Igor Zhbanov <izh1979@gmail.com>
> Cc: stable@kernel.org
> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>

Acked-by: Serge Hallyn <serue@us.ibm.com>

I assume CAP_LINUX_IMMUTABLE simply does not apply to nfs?

And, you're adding CAP_FS_MASK_B1 in anticipation of labeled nfs?

Though, I was going to send a patch later today or tomorrow (figure I
should do some ltp testing) adding CAP_MKNOD to the whole
CAP_FS_MASK_B0 (and CAP_LINUX_IMMUTABLE and CAP_FS_MASK_B1 to
CAP_FS_SET).  That will conflict with this one.

thanks,
-serge

> ---
>  include/linux/capability.h |    6 ++++--
>  1 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/capability.h b/include/linux/capability.h
> index 1b98725..4864a43 100644
> --- a/include/linux/capability.h
> +++ b/include/linux/capability.h
> @@ -393,8 +393,10 @@ struct cpu_vfs_cap_data {
>  # define CAP_FULL_SET     ((kernel_cap_t){{ ~0, ~0 }})
>  # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }})
>  # define CAP_FS_SET       ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } })
> -# define CAP_NFSD_SET     ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \
> -					CAP_FS_MASK_B1 } })
> +# define CAP_NFSD_SET     ((kernel_cap_t){{ CAP_FS_MASK_B0 \
> +					    | CAP_TO_MASK(CAP_SYS_RESOURCE) \
> +					    | CAP_TO_MASK(CAP_MKNOD), \
> +					    CAP_FS_MASK_B1 } })
> 
>  #endif /* _KERNEL_CAPABILITY_U32S != 2 */
> 
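
Review bot: CAP_TO_MASK(CAP_MKNOD) is OR-ed into CAP_NFSD_SET alone on the added lines, while CAP_FS_SET on the context line above still expands to the unchanged CAP_FS_MASK_B0, so the two sets now differ on whether mknod counts as a filesystem capability. If that split is intended, say so in a comment next to CAP_NFSD_SET, which should also state that this is the set nfsd drops for requests from non-root users, since neither the macro name nor the hunk makes that clear. If it is not intended, put CAP_MKNOD in CAP_FS_MASK_B0 so both defines pick it up from one place.
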
> -- 
> 1.6.0.4
