On Wed, Nov 13, 2019 at 5:19 PM Topi Miettinen <toiwoton@xxxxxxxxx> wrote:
> On 13.11.2019 18.00, Jann Horn wrote:
> > On Wed, Nov 13, 2019 at 12:22 AM Christian Brauner
> > <christian.brauner@xxxxxxxxxx> wrote:
> >> On Sun, Nov 03, 2019 at 04:55:48PM +0200, Topi Miettinen wrote:
> >>> Several items in /proc/sys need not be accessible to unprivileged
> >>> tasks. Let the system administrator change the permissions, but only
> >>> to more restrictive modes than what the sysctl tables allow.
[...]
> > In kernel/ucount.c, the ->permissions handler set_permissions() grants
> > access based on whether the caller has CAP_SYS_RESOURCE. And in
> > net/sysctl_net.c, the handler net_ctl_permissions() grants access
> > based on whether the caller has CAP_NET_ADMIN. This added check is
> > going to break those, right?
> >
>
> Right. The comment above seems then a bit misleading:
> /*
>  * sysctl entries that are not writeable,
>  * are _NOT_ writeable, capabilities or not.
>  */

I don't see the problem. Those handlers never make a file writable that
doesn't have one of the three write bits (0222) set.
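As an added illustration (not code from the thread or from the kernel), the following user-space C model shows the interplay the reply describes: an administrator may only tighten a sysctl's table mode, a capability-based ->permissions handler promotes the owner bits to a privileged caller, and such a handler can never produce a writable mode from a table mode that has no write bit. The handler model and the "effective mode must be a subset of the table mode" check are assumptions about the patch's logic, not the kernel's code.

```c
/* Constructed user-space model of the sysctl mode discussion; not kernel code. */
#include <stdbool.h>

#define WRITE_BITS 0222 /* owner, group and other write bits */

/* The administrator may only tighten a sysctl's mode: every bit in the
 * requested mode must already be present in the table's mode. */
bool sysctl_chmod_allowed(unsigned table_mode, unsigned new_mode)
{
    return (new_mode & ~table_mode) == 0;
}

/* Assumed model of a capability-based ->permissions handler: a caller
 * holding the capability is treated like the owner, so the owner bits are
 * copied into the group and other classes. Nothing else is added. */
unsigned cap_promote_mode(unsigned table_mode, bool has_cap)
{
    if (!has_cap)
        return table_mode;
    unsigned owner = (table_mode >> 6) & 07;
    return table_mode | (owner << 3) | owner;
}

/* The point made in the reply: the handler only ever produces a writable
 * mode if the table mode already had at least one write bit set. */
bool handler_can_make_writable(unsigned table_mode, bool has_cap)
{
    return (cap_promote_mode(table_mode, has_cap) & WRITE_BITS) != 0;
}

/* The concern raised upthread, modelled as a strict subset check on the
 * handler's result: returns true when such a check would reject the
 * promoted mode even though no write bit was invented. */
bool strict_check_breaks_handler(unsigned table_mode, bool has_cap)
{
    unsigned effective = cap_promote_mode(table_mode, has_cap);
    return !sysctl_chmod_allowed(table_mode, effective);
}
```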