To:	linux-kernel@vger.rutgers.edu
Subject: [SECURITY PATCH] nfsd
Date:	Mon, 26 Oct 1998 12:00:26 -0800
From:	"G. Allen Morris III" <gam3@gam3.sehda.com>

There is a security problem with the kernel nfsd code.

The nfsd kernel code calls permission() with both CAP_DAC_OVERRIDE and
CAP_DAC_READ_SEARCH set.  This allows the access of files in a directory
with permissions 000 even w/ root_squash set.

Here is a patch to fix this problem.

diff -u -r1.1 auth.c
--- linux/fs/nfsd/auth.c      1998/10/16 19:08:05     1.1
+++ linux/fs/nfsd/auth.c      1998/10/26 00:24:23
@@ -43,5 +43,14 @@
                current->fsgid = exp->ex_anon_gid;
        for (i = 0; i < NGROUPS; i++)
                current->groups[i] = cred->cr_groups[i];
+ /* FIXME: hack to make make 000 mode directories unreadable */
+       if ((cred->cr_uid)) {
+               cap_lower(current->cap_effective, CAP_DAC_OVERRIDE);
+               cap_lower(current->cap_effective, CAP_DAC_READ_SEARCH);
+       } else {
+               cap_raise(current->cap_effective, CAP_DAC_OVERRIDE);
+               cap_raise(current->cap_effective, CAP_DAC_READ_SEARCH);
+       }
+
        rqstp->rq_userset = 1;
 }
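
Review bot: the `if ((cred->cr_uid))` test keys the capability decision on the request credential, while the context line `current->fsgid = exp->ex_anon_gid;` shows that the ids installed into `current` can come from the export's anonymous ids instead. If the uid can be substituted the same way, testing the id actually placed in `current` would guarantee that a squashed identity never reaches the else branch that raises CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. The else branch also raises both bits in `cap_effective` unconditionally, so it is worth confirming that is intended for every uid 0 request rather than restoring whatever the thread held before. Smaller points: the comment has a doubled "make", is indented differently from the code below it, and as a FIXME should say what the proper fix would be; the double parentheses in the condition can be dropped.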


---------------------------------
       G. Allen Morris III
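
A simplified user-space model of the behaviour described in the message above, added here as an illustration; it is not kernel code and not part of the posted patch. The `MODEL_*` names, the two structs, the helper functions and uid 65534 as the squashed identity are assumptions made for the example.

```c
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical, not kernel code. */
#define MODEL_CAP_DAC_OVERRIDE    (1u << 0)
#define MODEL_CAP_DAC_READ_SEARCH (1u << 1)
#define MODEL_CAPS (MODEL_CAP_DAC_OVERRIDE | MODEL_CAP_DAC_READ_SEARCH)
enum { MAY_EXEC = 1, MAY_WRITE = 2, MAY_READ = 4 };

struct model_task  { unsigned fsuid, fsgid, cap_effective; };
struct model_inode { unsigned uid, gid, mode; int is_dir; };

/* Returns 0 when access is granted, -1 (standing in for -EACCES) when denied. */
int model_permission(const struct model_task *t, const struct model_inode *i, unsigned mask)
{
    unsigned bits = i->mode;
    if (t->fsuid == i->uid)      bits >>= 6;   /* owner class */
    else if (t->fsgid == i->gid) bits >>= 3;   /* group class */
    if ((bits & 7 & mask) == mask)
        return 0;                              /* mode bits allow it */
    /* CAP_DAC_OVERRIDE bypasses the mode bits (exec on a file needs some x bit). */
    if ((t->cap_effective & MODEL_CAP_DAC_OVERRIDE) &&
        (!(mask & MAY_EXEC) || i->is_dir || (i->mode & 0111)))
        return 0;
    /* CAP_DAC_READ_SEARCH bypasses read checks, and search checks on directories. */
    if ((t->cap_effective & MODEL_CAP_DAC_READ_SEARCH) &&
        (mask == MAY_READ || (i->is_dir && !(mask & MAY_WRITE))))
        return 0;
    return -1;
}

/* Search a root-owned mode-000 directory as request uid `uid` (constructed data). */
int demo_lookup(int patched, unsigned uid)
{
    struct model_inode dir = { 0, 0, 0000, 1 };
    struct model_task nfsd = { uid, uid, MODEL_CAPS };  /* nfsd thread holds both caps */
    if (patched) {                      /* mirrors the capability logic of the patch */
        if (uid) nfsd.cap_effective &= ~MODEL_CAPS;
        else     nfsd.cap_effective |= MODEL_CAPS;
    }
    return model_permission(&nfsd, &dir, MAY_EXEC);
}

int main(void)
{
    printf("squashed uid, unpatched: %d\n", demo_lookup(0, 65534)); /* 65534: assumed anon uid */
    printf("squashed uid, patched:   %d\n", demo_lookup(1, 65534));
    printf("uid 0, patched:          %d\n", demo_lookup(1, 0));
    return 0;
}
```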

