zed.8: don't pretend an unprivileged user could change the script owner

And add a note on /why/ ZEDLETs need to be owned by root

Quoth chown(2), Linux man-pages project:
  Only a privileged process (Linux: one with the CAP_CHOWN capability)
  may change the owner of a file.

Quoth chown(2), FreeBSD:
     [EPERM]  The operation would change the ownership,
              but the effective user ID is not the super-user.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #11834
наб 2021-04-02 16:40:48 +02:00 committed by Brian Behlendorf
parent 01219379cf
commit 718ee43362
2 changed files with 4 additions and 11 deletions


@ -324,8 +324,6 @@ zed_conf_parse_opts(struct zed_conf *zcp, int argc, char **argv)
*
* Return 0 on success with an updated set of zedlets,
* or -1 on error with errno set.
*
* FIXME: Check if zedlet_dir and all parent dirs are secure.
*/
int
zed_conf_scan_dir(struct zed_conf *zcp)
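Review bot: the FIXME kept on the last line of this comment block ("Check if zedlet_dir and all parent dirs are secure") is, after this commit, the only remaining record that the zedlet directory and its parents are not verified, because the matching BUGS paragraph in zed.8 is deleted in the same change; consider pointing the FIXME at a tracking issue or leaving a one-line statement in the man page so the limitation stays documented for users and not only in source.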


@ -117,9 +117,10 @@ ZEDLETs to be invoked in response to zevents are located in the
\fIenabled-zedlets\fR directory. These can be symlinked or copied from the
\fIinstalled-zedlets\fR directory; symlinks allow for automatic updates
from the installed ZEDLETs, whereas copies preserve local modifications.
As a security measure, ZEDLETs must be owned by root. They must have
execute permissions for the user, but they must not have write permissions
for group or other. Dotfiles are ignored.
As a security measure, since ownership change is a privileged operation,
ZEDLETs must be owned by root. They must have execute permissions for the user,
but they must not have write permissions for group or other.
Dotfiles are ignored.
.PP
ZEDLETs are named after the zevent class for which they should be invoked.
In particular, a ZEDLET will be invoked for a given zevent if either its
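Review bot: the added wording "since ownership change is a privileged operation, ZEDLETs must be owned by root" states the mechanism but leaves the reader to infer the consequence, namely that an unprivileged user cannot produce a root-owned file and therefore cannot plant a ZEDLET; consider making that explicit, e.g. "As a security measure, ZEDLETs must be owned by root: since only a privileged process can change file ownership, an unprivileged user cannot create a root-owned ZEDLET." The lines before and after the replaced paragraph are unchanged, so this is a purely textual improvement to the new paragraph.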
@ -231,12 +232,6 @@ Terminate the daemon.
.SH BUGS
.PP
The ownership and permissions of the \fIenabled-zedlets\fR directory (along
with all parent directories) are not checked. If any of these directories
are improperly owned or permissioned, an unprivileged user could insert a
ZEDLET to be executed as root. The requirement that ZEDLETs be owned by
root mitigates this to some extent.
.PP
ZEDLETs are unable to return state/status information to the kernel.
.PP
Some zevent nvpair types are not handled. These are denoted by zevent
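Review bot: the deleted BUGS paragraph bundles two statements, and only the second one is the inaccuracy the commit title addresses: "an unprivileged user could insert a ZEDLET to be executed as root" is wrong given the root-ownership check, but "The ownership and permissions of the enabled-zedlets directory (along with all parent directories) are not checked" is still true and still relevant to an administrator reviewing the installation; consider keeping that first sentence under BUGS and dropping only the "unprivileged user" claim and the "mitigates this to some extent" qualifier.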