zed.8: don't pretend an unprivileged user could change the script owner
And add a note on /why/ ZEDLETs need to be owned by root Quoth chown(2), Linux man-pages project: Only a privileged process (Linux: one with the CAP_CHOWN capability) may change the owner of a file. Quoth chown(2), FreeBSD: [EPERM] The operation would change the ownership, but the effective user ID is not the super-user. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #11834
This commit is contained in:
parent
01219379cf
commit
718ee43362
|
@ -324,8 +324,6 @@ zed_conf_parse_opts(struct zed_conf *zcp, int argc, char **argv)
|
|||
*
|
||||
* Return 0 on success with an updated set of zedlets,
|
||||
* or -1 on error with errno set.
|
||||
*
|
||||
* FIXME: Check if zedlet_dir and all parent dirs are secure.
|
||||
*/
|
||||
int
|
||||
zed_conf_scan_dir(struct zed_conf *zcp)
|
||||
|
|
|
@ -117,9 +117,10 @@ ZEDLETs to be invoked in response to zevents are located in the
|
|||
\fIenabled-zedlets\fR directory. These can be symlinked or copied from the
|
||||
\fIinstalled-zedlets\fR directory; symlinks allow for automatic updates
|
||||
from the installed ZEDLETs, whereas copies preserve local modifications.
|
||||
As a security measure, ZEDLETs must be owned by root. They must have
|
||||
execute permissions for the user, but they must not have write permissions
|
||||
for group or other. Dotfiles are ignored.
|
||||
As a security measure, since ownership change is a privileged operation,
|
||||
ZEDLETs must be owned by root. They must have execute permissions for the user,
|
||||
but they must not have write permissions for group or other.
|
||||
Dotfiles are ignored.
|
||||
.PP
|
||||
ZEDLETs are named after the zevent class for which they should be invoked.
|
||||
In particular, a ZEDLET will be invoked for a given zevent if either its
|
||||
|
@ -231,12 +232,6 @@ Terminate the daemon.
|
|||
|
||||
.SH BUGS
|
||||
.PP
|
||||
The ownership and permissions of the \fIenabled-zedlets\fR directory (along
|
||||
with all parent directories) are not checked. If any of these directories
|
||||
are improperly owned or permissioned, an unprivileged user could insert a
|
||||
ZEDLET to be executed as root. The requirement that ZEDLETs be owned by
|
||||
root mitigates this to some extent.
|
||||
.PP
|
||||
ZEDLETs are unable to return state/status information to the kernel.
|
||||
.PP
|
||||
Some zevent nvpair types are not handled. These are denoted by zevent
|
||||
|
|
Loading…
Reference in New Issue