Re: SEVERE Problems in 2.5.12 at uid0 access

From: Skip Ford (skip.ford@verizon.net)
Date: Wed May 01 2002 - 13:13:41 EST


Bob_Tracy wrote:
> system_lists@nullzone.org wrote:
> > server01:/var/log# ls -laF
> > <snip>
> > drwxr-s--- 2 mail adm 104 Mar 12 23:29 exim/
> > <snip>
> >
> > server01:/var/log# ls -laF exim
> > ls: exim/.: Permission denied
>
> Confirmed on a 2.5.11 system as well. Talk about your basic heart
> attack! I'd just installed Postfix and found that I couldn't access
> any of the directories under /var/spool/postfix. Fortunately (?),
> I've got older kernels to fall back on, and that's one of the hazards
> of running on the bleeding edge I reckon.

Al Viro posted a patch to fix this.

diff -urN C12-0/fs/namei.c C12-current/fs/namei.c
--- C12-0/fs/namei.c Tue Apr 30 20:23:38 2002
+++ C12-current/fs/namei.c Tue Apr 30 23:37:15 2002
@@ -324,6 +324,12 @@
         if (mode & MAY_EXEC)
                 return 0;
 
+ if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
+ return 0;
+
+ if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
+ return 0;
+
         return -EACCES;
 }
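
Review bot: the two added capability checks, placed between the `if (mode & MAY_EXEC)` test and `return -EACCES`, have no comment explaining why each is gated differently, and that distinction is the security-relevant part of the fix. CAP_DAC_OVERRIDE is honoured only when `inode->i_mode & S_IXUGO` is non-zero, and that test reads the full `i_mode` rather than the local `mode` checked just above it. CAP_DAC_READ_SEARCH is honoured for any directory regardless of its execute bits. A short comment above each `if` stating that rule would keep a later cleanup from merging or reordering them. Separately, the `+` lines in this copy have lost their leading indentation while the context lines kept theirs, so the patch is whitespace-damaged and should be taken from the original posting before applying.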

-- 
Skip


