Willy Tarreau wrote:
> @@ -1066,7 +1094,8 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
> if (!nr_pages)
> goto out;
>
> - if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
> + if (!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN) &&
> + (size > pipe_max_size || too_many_pipe_buffers(pipe->user))) {
> ret = -EPERM;
> goto out;
> }
I think we should not check capable(CAP_SYS_ADMIN) for size > pipe_max_size
case, for checking capable(CAP_SYS_ADMIN) needlessly generates audit logs and
also loosens permission required for setting size > pipe_max_size.
Also, I think we should not check capable(CAP_SYS_ADMIN) unless
too_many_pipe_buffers(pipe->user) is true, for checking capable(CAP_SYS_ADMIN)
needlessly generates audit logs.
Since too_many_unix_fds() requires capable(CAP_SYS_ADMIN) || capable(CAP_SYS_ADMIN),
I think what we want is something like below?
if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
ret = -EPERM;
goto out;
} else if (too_many_pipe_buffers(pipe->user) &&
!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) {
ret = -EPERM;
goto out;
}
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
