Re: [tor-bugs] #8195 [Tor]: tor and capabilities
#8195: tor and capabilities
-----------------------------+--------------------------------
Reporter: weasel | Owner:
Type: enhancement | Status: needs_revision
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-relay security
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------------
Comment (by dgoulet):
Hrm, so from what I've seen Tor can chown() files *after* the boot time
process. When the process goes to an unprivileged UID, the chown should
only work on UID/GID it *owns* (behavior of chown(2)) thus the chown of
/etc/shadow would be EPERM.

But now you've planted the "seed of doubt" in my head so I've looked in the
Linux kernel and the check is actually done like this (fs/attr.c +49):
{{{
/* Make sure a caller can chown. */
if ((ia_valid & ATTR_UID) &&
    (!uid_eq(current_fsuid(), inode->i_uid) ||
     !uid_eq(attr->ia_uid, inode->i_uid)) &&
    !inode_capable(inode, CAP_CHOWN))
        return -EPERM;
}}}
Thus the check is done against the capability and the current UID with the
file UID we are trying to change. I'll make a test just to be *sure* that
I'm correct here unless I'm not completely wrong. In any case, the test will
tell us.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8195#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online