diff options
author | J. Bruce Fields <bfields@citi.umich.edu> | 2009-03-16 23:34:20 +0100 |
---|---|---|
committer | J. Bruce Fields <bfields@citi.umich.edu> | 2009-03-17 19:55:55 +0100 |
commit | 76a67ec6fb79ff3570dcb5342142c16098299911 (patch) | |
tree | 45bfd454d59ce611a103d6b63fff08a5cb5d2194 | |
parent | NFSD: provide encode routine for OP_OPENATTR (diff) | |
download | linux-76a67ec6fb79ff3570dcb5342142c16098299911.tar.xz linux-76a67ec6fb79ff3570dcb5342142c16098299911.zip |
nfsd: nfsd should drop CAP_MKNOD for non-root
Since creating a device node is normally an operation requiring special
privilege, Igor Zhbanov points out that it is surprising (to say the
least) that a client can, for example, create a device node on a
filesystem exported with root_squash.
So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd
thread handles a request from a non-root user.
Reported-by: Igor Zhbanov <izh1979@gmail.com>
Cc: stable@kernel.org
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
-rw-r--r-- | include/linux/capability.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/include/linux/capability.h b/include/linux/capability.h index 1b9872556131..4864a43b2b45 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -393,8 +393,10 @@ struct cpu_vfs_cap_data { # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}) # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }) -# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \ - CAP_FS_MASK_B1 } }) +# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ + | CAP_TO_MASK(CAP_SYS_RESOURCE) \ + | CAP_TO_MASK(CAP_MKNOD), \ + CAP_FS_MASK_B1 } }) #endif /* _KERNEL_CAPABILITY_U32S != 2 */ |