From: "Serge E. Hallyn" <serue@us.ibm.com>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Igor Zhbanov <izh1979@gmail.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk,
neilb@suse.de, Trond.Myklebust@netapp.com,
David Howells <dhowells@redhat.com>,
James Morris <jmorris@namei.org>,
linux-security-module@vger.kernel.org,
Miklos Szeredi <miklos@szeredi.hu>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?
Date: Mon, 16 Mar 2009 17:59:40 -0500 [thread overview]
Message-ID: <20090316225940.GA15522@us.ibm.com> (raw)
In-Reply-To: <20090316225424.GD17738@fieldses.org>
Quoting J. Bruce Fields (bfields@fieldses.org):
> On Mon, Mar 16, 2009 at 12:04:33PM -0500, Serge E. Hallyn wrote:
> > Quoting J. Bruce Fields (bfields@fieldses.org):
> > > If filesystem permissions similarly never affected the ability to create
> > > device nodes, that might also be an argument against including
> > > CAP_MKNOD, but it would be interesting to know the pre-capabilities
> > > behavior of a uid 0 process with fsuid non-0.
> >
> > The sentiment rings true, but again since before capabilities, privilege
> > was fully tied to the userid, the question doesn't make sense. Either
> > you had uid 0 and could mknod, or you didn't and couldn't. And that is
> > the behavior which we unfortunately have to emulate when
> > !issecure(SECURE_NOROOT|SECURE_NOSUIDFIXUP).
>
> The historical behavior of setfsuid() is still interesting, though.
> >From a quick glance at Debian's code for the (long-neglected) userspace
> nfsd server, it looks like it depends on setfsuid() and the kernel to
> enforce permissions for operations (including mknod). Might be
Sorry, do you mean that it would expect setfsuid(0) to allow a task to
do mknod, and setfsuid(500) to disable it?
Actually I guess for mknod, that is the question we can answer with the
a 2.1.x tree: which uid did mknod check?
Ah, answer is... fsuid!
> interesting to confirm whether it has the same problem, and if so,
> whether that was a problem introduced with some capability changes or
> whether it always existed.
>
> --b.
next prev parent reply other threads:[~2009-03-16 22:59 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-03-11 12:53 VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK? Igor Zhbanov
2009-03-11 23:23 ` J. Bruce Fields
2009-03-12 16:03 ` Serge E. Hallyn
2009-03-12 16:31 ` J. Bruce Fields
2009-03-12 16:10 ` Serge E. Hallyn
2009-03-12 19:00 ` J. Bruce Fields
2009-03-12 20:56 ` Igor Zhbanov
2009-03-12 20:21 ` Michael Kerrisk
2009-03-13 17:58 ` J. Bruce Fields
2009-03-13 18:37 ` Ответ: " Igor Zhbanov
2009-03-13 19:00 ` Serge E. Hallyn
2009-03-13 19:00 ` Serge E. Hallyn
2009-03-16 18:21 ` Stephen Smalley
2009-03-16 18:21 ` Stephen Smalley
2009-03-16 18:49 ` Serge E. Hallyn
2009-03-16 18:49 ` Serge E. Hallyn
2009-03-16 21:00 ` Stephen Smalley
2009-03-16 21:00 ` Stephen Smalley
2009-03-16 22:26 ` Igor Zhbanov
2009-03-16 23:13 ` Serge E. Hallyn
2009-03-16 23:13 ` Serge E. Hallyn
2009-03-16 23:17 ` Igor Zhbanov
2009-03-17 14:20 ` Stephen Smalley
2009-03-17 14:20 ` Stephen Smalley
2009-03-17 17:39 ` Serge E. Hallyn
2009-03-17 17:39 ` Serge E. Hallyn
2009-03-17 17:52 ` Stephen Smalley
2009-03-17 17:52 ` Stephen Smalley
2009-03-17 18:23 ` Serge E. Hallyn
2009-03-17 18:23 ` Serge E. Hallyn
2009-03-18 16:17 ` ?????: " Casey Schaufler
2009-03-18 16:17 ` Casey Schaufler
2009-03-18 16:38 ` Serge E. Hallyn
2009-03-18 16:38 ` Serge E. Hallyn
2009-03-18 16:21 ` Ответ: " Stephen Smalley
2009-03-18 16:21 ` Stephen Smalley
2009-03-18 16:47 ` Serge E. Hallyn
2009-03-18 16:47 ` Serge E. Hallyn
2009-03-18 16:57 ` J. Bruce Fields
2009-03-18 17:24 ` Serge E. Hallyn
2009-03-18 17:24 ` Serge E. Hallyn
2009-03-16 22:48 ` J. Bruce Fields
2009-03-16 23:03 ` Serge E. Hallyn
2009-03-16 23:03 ` Serge E. Hallyn
2009-03-14 19:20 ` Michael Kerrisk
2009-03-16 14:16 ` Igor Zhbanov
2009-03-16 16:36 ` J. Bruce Fields
2009-03-16 16:46 ` J. Bruce Fields
2009-03-16 17:05 ` Serge E. Hallyn
2009-03-16 17:04 ` Serge E. Hallyn
2009-03-16 22:54 ` J. Bruce Fields
2009-03-16 22:59 ` Serge E. Hallyn [this message]
2009-03-23 13:21 ` unprivileged mounts vs. rmdir (was: VFS, NFS security bug? ...) Miklos Szeredi
2009-03-26 12:43 ` Pavel Machek
2009-03-26 13:14 ` Matthew Wilcox
2009-03-27 7:04 ` Eric W. Biederman
2009-03-12 11:46 ` VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK? Igor Zhbanov
[not found] ` <f44001920903120446k47590437q95242f7a55c11d57-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2009-03-12 12:25 ` Igor Zhbanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090316225940.GA15522@us.ibm.com \
--to=serue@us.ibm.com \
--cc=Trond.Myklebust@netapp.com \
--cc=bfields@fieldses.org \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=izh1979@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=mtk.manpages@gmail.com \
--cc=neilb@suse.de \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.