Re: CAP_DAC_OVERRIDE

From: Chris Wright
Date: Tue Jun 22 2004 - 03:08:34 EST


* Andries.Brouwer@xxxxxx (Andries.Brouwer@xxxxxx) wrote:
> It seems that CAP_DAC_OVERRIDE is treated inconsistently.
> In fs/namei.c:vfs_permission() it allows one to search in
> a directory with zero permissions:
>
>         if (!(mask & MAY_EXEC) ||
>             (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
>                 if (capable(CAP_DAC_OVERRIDE))
>                         return 0;
>
> while in fs/namei.c:exec_permission_lite() it does not.
> Maybe the patch below would be appropriate.

Andries, I agree, it's handled inconsistently. The typical usage would
never notice this since both caps would be either enabled or disabled.
I believe we could actually simplify the overrides to simply:

        if (capable(CAP_DAC_OVERRIDE) || capable(CAP_DAC_READ_SEARCH))
                goto ok;

Because this is only the MAY_EXEC check on directories. However, that does
hide the override reasoning, so the conservative approach is below. I changed
it just slightly from yours to keep in line with the code in vfs_permission.

thanks,
-chris

===== fs/namei.c 1.96 vs edited =====
--- 1.96/fs/namei.c 2004-06-20 18:20:57 -07:00
+++ edited/fs/namei.c 2004-06-22 01:02:00 -07:00
@@ -316,7 +316,7 @@
{
umode_t mode = inode->i_mode;

- if ((inode->i_op && inode->i_op->permission))
+ if (inode->i_op && inode->i_op->permission)
return -EAGAIN;

if (current->fsuid == inode->i_uid)
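Review bot: The parenthesis cleanup on the `inode->i_op && inode->i_op->permission` test in this hunk is cosmetic and unrelated to the CAP_DAC_OVERRIDE change in the next one. Consider sending it separately, or at least mentioning it in the changelog, so the functional change stands out in the history.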
@@ -327,7 +327,8 @@
if (mode & MAY_EXEC)
goto ok;

- if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
+ if (((inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode)) &&
+ capable(CAP_DAC_OVERRIDE))
goto ok;

if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
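Review bot: The new `S_ISDIR(inode->i_mode)` term in the CAP_DAC_OVERRIDE test carries no comment saying why directories are overridable regardless of their execute bits. Since the message notes that this path is only the MAY_EXEC check on directories, a one-line comment stating that the form is kept to mirror vfs_permission() would record why the longer condition was chosen over the simplified two-capability test.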
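The inconsistency discussed in this thread, as an added example that is not part of the original message or the kernel source: a user-space C model of the capability override in exec_permission_lite() before the patch, after it, and in the simplified form. The `override_*` function names, the `M_*` macros and the `HAS_*` flag bits are assumptions made for the model.

```c
#include <stdio.h>

/* M_* values mirror the Linux mode bits; HAS_* are model flags only,
 * not the kernel's capability numbers. */
#define M_IFMT   0170000u
#define M_IFDIR  0040000u
#define M_IXUGO  0000111u
#define M_ISDIR(m) (((m) & M_IFMT) == M_IFDIR)
#define HAS_DAC_OVERRIDE    0x1u
#define HAS_DAC_READ_SEARCH 0x2u

/* Override before the patch: the "-" line of the second hunk.
 * Returns 1 if access is granted by capability, 0 otherwise. */
int override_before(unsigned mode, unsigned caps)
{
    if ((mode & M_IXUGO) && (caps & HAS_DAC_OVERRIDE))
        return 1;
    return M_ISDIR(mode) && (caps & HAS_DAC_READ_SEARCH);
}

/* Override with the patch applied: the "+" lines of the second hunk. */
int override_after(unsigned mode, unsigned caps)
{
    if (((mode & M_IXUGO) || M_ISDIR(mode)) && (caps & HAS_DAC_OVERRIDE))
        return 1;
    return M_ISDIR(mode) && (caps & HAS_DAC_READ_SEARCH);
}

/* Simplified form from the message; it assumes the inode is a directory. */
int override_simplified(unsigned caps)
{
    return (caps & (HAS_DAC_OVERRIDE | HAS_DAC_READ_SEARCH)) != 0;
}

int main(void)
{
    /* Constructed inputs: a directory with mode 0000 and one with mode 0100. */
    const unsigned modes[] = { M_IFDIR | 0000u, M_IFDIR | 0100u };
    printf("mode    caps  before after simplified\n");
    for (unsigned i = 0; i < 2; i++)
        for (unsigned caps = 0; caps < 4; caps++)
            printf("%06o  %u     %d      %d     %d\n", modes[i], caps,
                   override_before(modes[i], caps),
                   override_after(modes[i], caps),
                   override_simplified(caps));
    return 0;
}
```

The only row where the variants differ is the mode 0000 directory with CAP_DAC_OVERRIDE alone, which is why a process holding both capabilities or neither never observes the inconsistency.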