Re: [RFC] [PATCH] [SECURITY] tightening ioctl()'s

Albert D. Cahalan (acahalan@cs.uml.edu)
Fri, 2 Jul 1999 22:37:26 -0400 (EDT)


Stephen C. Tweedie writes:
> On Fri, 2 Jul 1999 00:45:43 +0100 (GMT), Chris Evans

>> Here are patches to make use of two ioctl()'s privileged.
> I outlined the dangers in previous mails. Comments?
>
> Unified or context diffs, please!!

Oh yeah... ed-style diffs don't work so well when quoted in email.

>> Patch 1) - APPLIES TO fs/ioctl.c
>
> There is at least one user space program --- frag --- which uses FIBMAP
> to tell you the fragmentation on a file. I don't much care whether or
> not a user gets to see such stuff, so what exactly is the rationale for
> a change here?

It is a covert channel. :-)
Users could intentionally fragment a disk.

>> 20a21,22
>>> if (!capable(CAP_SYS_ADMIN))
>>> return -EPERM;
>>
>> Patch 2) - APPLIES TO fs/ext2/ioctl.c
>
> No, the SETVERSION is designed for use by NFS servers, and they should
> be able to make the call with the fsuid of the requesting user.

The above doesn't change the behavior you like AFAIK.
You will generally need EUID to be root, but fsuid can be anything.
This is good behavior.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/