linux-kernel March 2009 archive
Main Archive Page > Month Archives  > linux-kernel archives
linux-kernel: Re: VFS, NFS security bug? Should CAP_MKNOD and CA

Re: VFS, NFS security bug? Should CAP_MKNOD and CAP_LINUX_IMMUTABLE be added to CAP_FS_MASK?

From: J. Bruce Fields <bfields_at_nospam>
Date: Mon Mar 16 2009 - 22:54:24 GMT
To: "Serge E. Hallyn" <serue@us.ibm.com>


On Mon, Mar 16, 2009 at 12:04:33PM -0500, Serge E. Hallyn wrote:
> Quoting J. Bruce Fields (bfields@fieldses.org):
> > If filesystem permissions similarly never affected the ability to create
> > device nodes, that might also be an argument against including
> > CAP_MKNOD, but it would be interesting to know the pre-capabilities
> > behavior of a uid 0 process with fsuid non-0.
>
> The sentiment rings true, but again since before capabilities, privilege
> was fully tied to the userid, the question doesn't make sense. Either
> you had uid 0 and could mknod, or you didn't and couldn't. And that is
> the behavior which we unfortunately have to emulate when
> !issecure(SECURE_NOROOT|SECURE_NOSUIDFIXUP).

The historical behavior of setfsuid() is still interesting, though.
>From a quick glance at Debian's code for the (long-neglected) userspace
nfsd server, it looks like it depends on setfsuid() and the kernel to enforce permissions for operations (including mknod). Might be interesting to confirm whether it has the same problem, and if so, whether that was a problem introduced with some capability changes or whether it always existed.

--b. -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html