| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090316225940.GA15522@us.ibm.com> Date: Mon, 16 Mar 2009 17:59:40 -0500 From: "Serge E. Hallyn" <serue@...ibm.com> To: "J. Bruce Fields" <bfields@...ldses.org> Cc: Igor Zhbanov <izh1979@...il.com>, Michael Kerrisk <mtk.manpages@...il.com>, linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk, neilb@...e.de, Trond.Myklebust@...app.com, David Howells <dhowells@...hat.com>, James Morris <jmorris@...ei.org>, linux-security-module@...r.kernel.org, Miklos Szeredi <miklos@...redi.hu>, "Eric W. Biederman" <ebiederm@...ssion.com> Subject: Re: VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK? Quoting J. Bruce Fields (bfields@...ldses.org): > On Mon, Mar 16, 2009 at 12:04:33PM -0500, Serge E. Hallyn wrote: > > Quoting J. Bruce Fields (bfields@...ldses.org): > > > If filesystem permissions similarly never affected the ability to create > > > device nodes, that might also be an argument against including > > > CAP_MKNOD, but it would be interesting to know the pre-capabilities > > > behavior of a uid 0 process with fsuid non-0. > > > > The sentiment rings true, but again since before capabilities, privilege > > was fully tied to the userid, the question doesn't make sense. Either > > you had uid 0 and could mknod, or you didn't and couldn't. And that is > > the behavior which we unfortunately have to emulate when > > !issecure(SECURE_NOROOT|SECURE_NOSUIDFIXUP). > > The historical behavior of setfsuid() is still interesting, though. > >From a quick glance at Debian's code for the (long-neglected) userspace > nfsd server, it looks like it depends on setfsuid() and the kernel to > enforce permissions for operations (including mknod). Might be Sorry, do you mean that it would expect setfsuid(0) to allow a task to do mknod, and setfsuid(500) to disable it? Actually I guess for mknod, that is the question we can answer with the a 2.1.x tree: which uid did mknod check? Ah, answer is... fsuid! > interesting to confirm whether it has the same problem, and if so, > whether that was a problem introduced with some capability changes or > whether it always existed. > > --b. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists