Re: Overriding qouta limits in Linux kernel

Wojciech Purczynski (wp@supermedia.pl)
Sat, 27 Oct 2001 02:47:11 +0200 (CEST)


> has a CAP_SYS_RESOURCE capability then it can override the limits (that's
> how I understand this capability). Hence it's got right to exceed user quota.
> I think this is reasonable behaviour (root can do anything - suid binaries are
> just making the will of root ;)).
> And BTW I know about no way how to know who opened the file...

It is ok if suid binaries do what they are privileged to. But it is not ok
if unprivileged users do what they want using privileges of those suid
binaries.

Controling qouta is not a user-space task. Kernel should perform some
additional checks before allowing suid binary to write to file descriptor
that is inherited from unprivileged user process.

Good solution is to check CAP_SYS_RESOURCE process's capability when the
file descriptor is opened (just like CAP_DAC_OVERRIDE and
others are checked).

_________________________________________________________________
Wojciech Purczyński | Security Officer | http://cliph.linux.pl/
-----------------------------------------------------------------
Murphy's law says that there is always one more bug...
...but he forgot to mention whether it is exploitable.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/