Message-ID: <30b59a4.19708.18d4f3f3620.Coremail.mengjingzi@iie.ac.cn>
Date: Sun, 28 Jan 2024 16:45:59 +0800 (GMT+08:00)
From: 孟敬姿 <mengjingzi@....ac.cn>
To: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Identified Redundant Capability Check in File Access under
 /proc/sys

Hello developers,

I hope this message finds you well. I wanted to bring to your attention an observation regarding file access under /proc/sys in the kernel source code.

Upon review, it appears that certain files are protected by capabilities in the kernel source code; however, the capability check does not seem to be effectively enforced during file access.

For example, I noticed this inconsistency in the access functions of some special files:
1. The access function mmap_min_addr_handler() in /proc/sys/vm/mmap_min_addr utilizes the CAP_SYS_RAWIO check.
2. The access function proc_dointvec_minmax_sysadmin() in /proc/sys/kernel/kptr_restrict requires the CAP_SYS_ADMIN check.

Despite these capability checks in the source code, when accessing a file, it undergoes a UGO permission check before triggering these specialized file access functions. The UGO permissions for these files are configured as root:root rw- r-- r--, meaning only the root user can pass the UGO check.

As a result, to access these files, one must be the root user, who inherently possesses all capabilities. Consequently, the capabilities check in the file access function seems redundant.

Please consider reviewing and adjusting the capability checks in the mentioned access functions for better alignment with the UGO permissions.

Thank you for your attention to this matter.

Best regards,
Jingzi Meng

Powered by blists - more mailing lists