Re: [PATCH] fanotify: remove redundant capable(CAP_SYS_ADMIN)s
From: Amir Goldstein
Date: Wed May 22 2019 - 14:32:34 EST
On Wed, May 22, 2019 at 7:32 PM Christian Brauner <christian@xxxxxxxxxx> wrote:
>
> This removes two redundant capable(CAP_SYS_ADMIN) checks from
> fanotify_init().
> fanotify_init() guards the whole syscall with capable(CAP_SYS_ADMIN) at the
> beginning. So the other two capable(CAP_SYS_ADMIN) checks are not needed.
It's intentional:
commit e7099d8a5a34d2876908a9fab4952dabdcfc5909
Author: Eric Paris <eparis@xxxxxxxxxx>
Date: Thu Oct 28 17:21:57 2010 -0400
fanotify: limit the number of marks in a single fanotify group
There is currently no limit on the number of marks a given fanotify group
can have. Since fanotify is gated on CAP_SYS_ADMIN this was not seen as
a serious DoS threat. This patch implements a default of 8192, the same as
inotify to work towards removing the CAP_SYS_ADMIN gating and eliminating
the default DoS'able status.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
There idea is to eventually remove the gated CAP_SYS_ADMIN.
There is no reason that fanotify could not be used by unprivileged users
to setup inotify style watch on an inode or directories children, see:
https://patchwork.kernel.org/patch/10668299/
>
> Fixes: 5dd03f55fd2 ("fanotify: allow userspace to override max queue depth")
> Fixes: ac7e22dcfaf ("fanotify: allow userspace to override max marks")
Fixes is used to tag bug fixes for stable.
There is no bug.
Thanks,
Amir.