| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Apr 2015 18:08:47 +0300
From: Azat Khuzhin <a3at.mail@...il.com>
To: Wuqixuan <wuqixuan@...wei.com>
Cc: viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] fs/sync.c : Add CAP_SYS_ADMIN checking before sync
On Thu, Apr 16, 2015 at 07:43:34PM +0800, Wuqixuan wrote:
> The process, supposed in one container, can't flush the metadata
> and data of the all host's partitions without CAP_SYS_ADMIN
> capability, like sys_mount is doing. The checking will prevent some
> vicious programs impacting IO sequnces of those partitions,
> particularly, the ones which can't be accessed in the container.
>
> Signed-off-by: Last Wu <wuqixuan@...wei.com>
> ---
> fs/sync.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/sync.c b/fs/sync.c
> index fbc98ee..9f07909 100644
> --- a/fs/sync.c
> +++ b/fs/sync.c
> @@ -103,6 +103,9 @@ SYSCALL_DEFINE0(sync)
> {
> int nowait = 0, wait = 1;
>
> + if (!capable(CAP_SYS_ADMIN))
> + return -EPERM;
So after this patch I can't call sync as a regular user? (even without
containers).
But nothing in sync(2) says about special permissions for this.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists