Re: CAP_DAC_OVERRIDE
From: Chris Wright
Date: Tue Jun 22 2004 - 03:08:34 EST
* Andries.Brouwer@xxxxxx (Andries.Brouwer@xxxxxx) wrote:
> It seems that CAP_DAC_OVERRIDE is treated inconsistently.
> In fs/namei.c:vfs_permission() it allows one to search in
> a directory with zero permissions:
>
> if (!(mask & MAY_EXEC) ||
> (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
> if (capable(CAP_DAC_OVERRIDE))
> return 0;
>
> while in fs/namei.c:exec_permission_lite() it does not.
> Maybe the patch below would be appropriate.
Andries, I agree, it's handled inconsistently. The typical usage would
never notice this since both caps would be either enabled or disabled.
I believe we could actually simplify the overrides to simply:
if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
goto ok;
Because this is only MAY_EXEC on directories check. However, that does
hide the override reasoning, so conservative approach below. I changed
it just slightly from yours to keep in line with code in vfs_permission.
thanks,
-chris
===== fs/namei.c 1.96 vs edited =====
--- 1.96/fs/namei.c 2004-06-20 18:20:57 -07:00
+++ edited/fs/namei.c 2004-06-22 01:02:00 -07:00
@@ -316,7 +316,7 @@
{
umode_t mode = inode->i_mode;
- if ((inode->i_op && inode->i_op->permission))
+ if (inode->i_op && inode->i_op->permission)
return -EAGAIN;
if (current->fsuid == inode->i_uid)
@@ -327,7 +327,8 @@
if (mode & MAY_EXEC)
goto ok;
- if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
+ if (((inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode)) &&
+ capable(CAP_DAC_OVERRIDE))
goto ok;
if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/