zed.8: don't pretend an unprivileged user could change the script owner

And add a note on /why/ ZEDLETs need to be owned by root

Quoth chown(2), Linux man-pages project:
  Only a privileged process (Linux: one with the CAP_CHOWN capability)
  may change the owner of a file.

Quoth chown(2), FreeBSD:
     [EPERM]  The operation would change the ownership,
              but the effective user ID is not the super-user.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #11834
This commit is contained in:
наб 2021-04-02 16:40:48 +02:00 committed by Brian Behlendorf
parent ed519ad495
commit c52612ba03
2 changed files with 4 additions and 11 deletions

View File

@ -324,8 +324,6 @@ zed_conf_parse_opts(struct zed_conf *zcp, int argc, char **argv)
* *
* Return 0 on success with an updated set of zedlets, * Return 0 on success with an updated set of zedlets,
* or -1 on error with errno set. * or -1 on error with errno set.
*
* FIXME: Check if zedlet_dir and all parent dirs are secure.
*/ */
int int
zed_conf_scan_dir(struct zed_conf *zcp) zed_conf_scan_dir(struct zed_conf *zcp)

View File

@ -117,9 +117,10 @@ ZEDLETs to be invoked in response to zevents are located in the
\fIenabled-zedlets\fR directory. These can be symlinked or copied from the \fIenabled-zedlets\fR directory. These can be symlinked or copied from the
\fIinstalled-zedlets\fR directory; symlinks allow for automatic updates \fIinstalled-zedlets\fR directory; symlinks allow for automatic updates
from the installed ZEDLETs, whereas copies preserve local modifications. from the installed ZEDLETs, whereas copies preserve local modifications.
As a security measure, ZEDLETs must be owned by root. They must have As a security measure, since ownership change is a privileged operation,
execute permissions for the user, but they must not have write permissions ZEDLETs must be owned by root. They must have execute permissions for the user,
for group or other. Dotfiles are ignored. but they must not have write permissions for group or other.
Dotfiles are ignored.
.PP .PP
ZEDLETs are named after the zevent class for which they should be invoked. ZEDLETs are named after the zevent class for which they should be invoked.
In particular, a ZEDLET will be invoked for a given zevent if either its In particular, a ZEDLET will be invoked for a given zevent if either its
@ -231,12 +232,6 @@ Terminate the daemon.
.SH BUGS .SH BUGS
.PP .PP
The ownership and permissions of the \fIenabled-zedlets\fR directory (along
with all parent directories) are not checked. If any of these directories
are improperly owned or permissioned, an unprivileged user could insert a
ZEDLET to be executed as root. The requirement that ZEDLETs be owned by
root mitigates this to some extent.
.PP
ZEDLETs are unable to return state/status information to the kernel. ZEDLETs are unable to return state/status information to the kernel.
.PP .PP
Some zevent nvpair types are not handled. These are denoted by zevent Some zevent nvpair types are not handled. These are denoted by zevent