Re: [RFC] [PATCH] [SECURITY] tightening ioctl()'s

Stephen C. Tweedie (sct@redhat.com)
Sat, 3 Jul 1999 01:40:31 +0100 (BST)


Hi,

On Fri, 2 Jul 1999 00:45:43 +0100 (GMT), Chris Evans
<chris@ferret.lmh.ox.ac.uk> said:

> Here are patches to make use of two ioctl()'s privileged. I outlined the
> dangers in previous mails. Comments?

Unified or context diffs, please!!

> Patch 1) - APPLIES TO fs/ioctl.c

There is at least one user space program --- frag --- which uses FIBMAP
to tell you the fragmentation on a file. I don't much care whether or
not a user gets to see such stuff, so what exactly is the rationale for
a change here?

> 20a21,22
>> if (!capable(CAP_SYS_ADMIN))
>> return -EPERM;

> Patch 2) - APPLIES TO fs/ext2/ioctl.c

No, the SETVERSION is designed for use by NFS servers, and they should
be able to make the call with the fsuid of the requesting user.

--Stephen

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/