2.2.13: CAP_CHOWN and CAP_FOWNER

Chip Salzenberg (chip@valinux.com)
Thu, 21 Oct 1999 18:23:44 -0700


In 2.2.13 (as most previous releases), the CAP_CHOWN capability gives
carte blanche to chown and chgrp at will. However, I don't think it's
supposed to do that.

AFAIK, CAP_CHOWN is only supposed to remove the restrictions on
changing file ownership to a uid or gid that you do not currently have
(e.g. to escape a quota). Meanwhile, CAP_FOWNER removes restrictions
on which files you're allowed to chown/chgrp. So only the combination
of the two should give you a totally free hand. Or so I understand.

Thus I suggest this patch:

Index: fs/attr.c
@@ -22,20 +22,24 @@ int inode_change_ok(struct inode *inode,
goto fine;

/* Make sure a caller can chown. */
- if ((ia_valid & ATTR_UID) &&
- (current->fsuid != inode->i_uid ||
- attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN))
- goto error;
+ if ((ia_valid & ATTR_UID) && attr->ia_uid != inode->i_uid) {
+ if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
+ goto error;
+ if (current->fsuid != attr->ia_uid && !capable(CAP_CHOWN))
+ goto error;
+ }

/* Make sure caller can chgrp. */
- if ((ia_valid & ATTR_GID) &&
- (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) &&
- !capable(CAP_CHOWN))
- goto error;
+ if ((ia_valid & ATTR_GID) && attr->ia_gid != inode->i_gid) {
+ if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
+ goto error;
+ if (!in_group_p(attr->ia_gid) && !capable(CAP_CHOWN))
+ goto error;
+ }

/* Make sure a caller can chmod. */
if (ia_valid & ATTR_MODE) {
- if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
+ if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
goto error;
/* Also check the setgid bit! */
if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :

-- 
Chip Salzenberg             - a.k.a. -              <chip@valinux.com>
           "I am the Lemon Zester of Destruction!"  //MST3K

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/