Date: Sun, 22 Oct 2017 01:25:36 -0400 From: Theodore Ts'o <tytso@....edu> To: Nicolas Belouin <nicolas@...ouin.fr> Cc: Alexander Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-api@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: [PATCH] fs: check for DAC_READ_SEARCH instead of SYS_ADMIN On Sat, Oct 21, 2017 at 03:24:46PM +0200, Nicolas Belouin wrote: > These checks are meant to prevent leaks or attacks via directory > traversal, the use of CAP_SYS_ADMIN here is a misuse, > CAP_DAC_READ_SEARCH being way more appropriate as a process > with CAP_DAC_READ_SEARCH is entrusted with going trough all directories. > CAP_SYS_ADMIN is not meant to flag such a process. > > Signed-off-by: Nicolas Belouin <nicolas@...ouin.fr> No. lookup_dcookie() is a horrid, horrid, hack which is *spectacularly* dangerous. We should not be trying to encourage its use for anything beside its single legacy user, oprofile(8), for which CAP_SYS_ADMIN is appropriate. - Ted
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.