zed.8: don't pretend an unprivileged user could change the script owner
And add a note on /why/ ZEDLETs need to be owned by root

Quoth chown(2), Linux man-pages project:
  Only a privileged process (Linux: one with the CAP_CHOWN capability) may change the owner of a file.

Quoth chown(2), FreeBSD:
  [EPERM] The operation would change the ownership, but the effective user ID is not the super-user.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #11834
parent ed519ad495
commit c52612ba03
|
@ -324,8 +324,6 @@ zed_conf_parse_opts(struct zed_conf *zcp, int argc, char **argv)
|
||||||
*
|
*
|
||||||
* Return 0 on success with an updated set of zedlets,
|
* Return 0 on success with an updated set of zedlets,
|
||||||
* or -1 on error with errno set.
|
* or -1 on error with errno set.
|
||||||
*
|
|
||||||
* FIXME: Check if zedlet_dir and all parent dirs are secure.
|
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
zed_conf_scan_dir(struct zed_conf *zcp)
|
zed_conf_scan_dir(struct zed_conf *zcp)
|
||||||
|
|
|
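Review bot: The FIXME in the comment above zed_conf_scan_dir() is deleted with no replacement text, and nothing visible in this hunk adds a check of zedlet_dir or its parent directories. If the intent is that the root-ownership requirement on each ZEDLET makes the directory check unnecessary, state that in the comment in place of the FIXME, so a later reader does not assume the directory is validated somewhere else.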
@ -117,9 +117,10 @@ ZEDLETs to be invoked in response to zevents are located in the
|
||||||
\fIenabled-zedlets\fR directory. These can be symlinked or copied from the
|
\fIenabled-zedlets\fR directory. These can be symlinked or copied from the
|
||||||
\fIinstalled-zedlets\fR directory; symlinks allow for automatic updates
|
\fIinstalled-zedlets\fR directory; symlinks allow for automatic updates
|
||||||
from the installed ZEDLETs, whereas copies preserve local modifications.
|
from the installed ZEDLETs, whereas copies preserve local modifications.
|
||||||
As a security measure, ZEDLETs must be owned by root. They must have
|
As a security measure, since ownership change is a privileged operation,
|
||||||
execute permissions for the user, but they must not have write permissions
|
ZEDLETs must be owned by root. They must have execute permissions for the user,
|
||||||
for group or other. Dotfiles are ignored.
|
but they must not have write permissions for group or other.
|
||||||
|
Dotfiles are ignored.
|
||||||
.PP
|
.PP
|
||||||
ZEDLETs are named after the zevent class for which they should be invoked.
|
ZEDLETs are named after the zevent class for which they should be invoked.
|
||||||
In particular, a ZEDLET will be invoked for a given zevent if either its
|
In particular, a ZEDLET will be invoked for a given zevent if either its
|
||||||
|
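Review bot: In the rewritten sentence "As a security measure, since ownership change is a privileged operation, ZEDLETs must be owned by root", the reason is wedged between the lead-in and the requirement and never says what it prevents. Consider putting the requirement first and the reason after it, e.g. "ZEDLETs must be owned by root; since changing a file's owner is a privileged operation, an unprivileged user cannot create one." While reflowing these lines, "execute permissions for the user" would also read more precisely as "for the owner".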
@ -231,12 +232,6 @@ Terminate the daemon.
|
||||||
|
|
||||||
.SH BUGS
|
.SH BUGS
|
||||||
.PP
|
.PP
|
||||||
The ownership and permissions of the \fIenabled-zedlets\fR directory (along
|
|
||||||
with all parent directories) are not checked. If any of these directories
|
|
||||||
are improperly owned or permissioned, an unprivileged user could insert a
|
|
||||||
ZEDLET to be executed as root. The requirement that ZEDLETs be owned by
|
|
||||||
root mitigates this to some extent.
|
|
||||||
.PP
|
|
||||||
ZEDLETs are unable to return state/status information to the kernel.
|
ZEDLETs are unable to return state/status information to the kernel.
|
||||||
.PP
|
.PP
|
||||||
Some zevent nvpair types are not handled. These are denoted by zevent
|
Some zevent nvpair types are not handled. These are denoted by zevent
|
||||||
|
|
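Review bot: The paragraph removed from BUGS was the only place stating that the ownership and permissions of the enabled-zedlets directory and its parents are not checked, and nothing visible in this patch adds such a check. The root-ownership rule stops an unprivileged user from creating a new ZEDLET, but the page also says ZEDLETs "can be symlinked", so whether write access to the directory still matters depends on whether ownership is checked on the link or on its target, and such a user could in any case remove or rename existing entries. Suggest keeping a shortened note that the directory is not verified and should be writable only by root.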