[PATCH] afs: proc cells and rootcell are writeable
David Howells
dhowells at redhat.com
Thu Jan 30 19:31:21 EST 2014
David Howells <dhowells at redhat.com> wrote:
> > > I think this is a pretty strong argument. Counter-arguments, anybody?
> >
> > Yes. CAP_DAC_READ_SEARCH.
>
> No, it would seem unlikely it's that, but I guess there's another capability
> override because the process is owned by root.
CAP_DAC_OVERRIDE, I think.

int generic_permission(struct inode *inode, int mask)
{
	...
	/*
	 * Read/write DACs are always overridable.
	 * Executable DACs are overridable when there is
	 * at least one exec bit set.
	 */
	if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
		if (inode_capable(inode, CAP_DAC_OVERRIDE))
			return 0;
	...
}

David
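
Added example, not part of the original message or of the kernel source: a user-space C program that shows the effect of the quoted check by creating a file with mode 0444 and testing whether an O_WRONLY open succeeds only when CAP_DAC_OVERRIDE is in the effective set. It assumes Linux with /proc mounted and a writable /tmp; the function names and the scratch path are invented for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define CAP_DAC_OVERRIDE_BIT 1	/* value of CAP_DAC_OVERRIDE in <linux/capability.h> */

/* 1 if the effective set holds CAP_DAC_OVERRIDE, 0 if not, -1 if unknown. */
int has_cap_dac_override(void)
{
	char line[256];
	unsigned long long eff;
	int found = -1;
	FILE *f = fopen("/proc/self/status", "r");

	if (!f)
		return -1;
	while (fgets(line, sizeof(line), f))
		if (sscanf(line, "CapEff: %llx", &eff) == 1) {
			found = (int)((eff >> CAP_DAC_OVERRIDE_BIT) & 1);
			break;
		}
	fclose(f);
	return found;
}

/* Make a 0444 file (no write bit for owner, group or other) and try to
 * open it for writing. 1 = open succeeded, 0 = denied, -1 = setup failed. */
int can_write_readonly_file(void)
{
	char path[] = "/tmp/dac_demo_XXXXXX";	/* constructed scratch file */
	int fd = mkstemp(path), rc, wfd;

	if (fd < 0)
		return -1;
	rc = fchmod(fd, 0444);
	close(fd);
	wfd = rc == 0 ? open(path, O_WRONLY) : -1;
	unlink(path);
	if (rc != 0)
		return -1;
	if (wfd >= 0)
		close(wfd);
	return wfd >= 0;
}

int main(void)
{
	printf("CAP_DAC_OVERRIDE effective: %d\n", has_cap_dac_override());
	printf("O_WRONLY open of 0444 file: %d\n", can_write_readonly_file());
	return 0;
}
```

Run once as an unprivileged user and once as root to see the two results move together; the mode bits alone do not make a file read-only for a process that holds the capability.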