2015-12-05 06:16:54

by Seth Forshee

Subject: [PATCH] fs: Drop CAP_SYS_RAWIO requirement for FIBMAP

The information exposed by FIBMAP is not privileged and is
similar to the information provided by FIEMAP, which does not
require privileges. According to [1] the reason the capability
check was originally added was to prevent crashing the kernel
by passing invalid arguments, but this should no longer be a
problem, so this requirement can be removed.

[1] http://www.gossamer-threads.com/lists/linux/kernel/103611

Cc: "Serge E. Hallyn" <[email protected]>
Cc: Theodore Ts'o <[email protected]>
Signed-off-by: Seth Forshee <[email protected]>
---
fs/ioctl.c | 2 --
1 file changed, 2 deletions(-)

diff --git a/fs/ioctl.c b/fs/ioctl.c
index 5d01d2638ca5..c963d82b0de8 100644
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -55,8 +55,6 @@ static int ioctl_fibmap(struct file *filp, int __user *p)
/* do we support this mess? */
if (!mapping->a_ops->bmap)
return -EINVAL;
- if (!capable(CAP_SYS_RAWIO))
- return -EPERM;
res = get_user(block, p);
if (res)
return res;
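
Review bot: With the `capable(CAP_SYS_RAWIO)` check removed, the value read by `get_user(block, p)` can come from any caller, and nothing in this hunk range-checks it before use, while the commit message only says invalid arguments "should no longer be a problem". Suggest stating in the commit message what now rejects a bad block number (for example validation inside each `->bmap` implementation), or adding an explicit bounds check right after the `get_user()` call, so the removal does not rest on an unverified assumption.
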
--
1.9.1


2015-12-09 22:52:26

by Serge Hallyn

Subject: Re: [PATCH] fs: Drop CAP_SYS_RAWIO requirement for FIBMAP

On Sat, Dec 05, 2015 at 12:15:16AM -0600, Seth Forshee wrote:
> The information exposed by FIBMAP is not privileged and is
> similar to the information provided by FIEMAP, which does not
> require privileges. According to [1] the reason the capability
> check was originally added was to prevent crashing the kernel
> by passing invalid arguments, but this should no longer be a
> problem, so this requirement can be removed.
>
> [1] http://www.gossamer-threads.com/lists/linux/kernel/103611
>
> Cc: "Serge E. Hallyn" <[email protected]>
> Cc: Theodore Ts'o <[email protected]>
> Signed-off-by: Seth Forshee <[email protected]>

Acked-by: Serge Hallyn <[email protected]>

> ---
> fs/ioctl.c | 2 --
> 1 file changed, 2 deletions(-)
>
> diff --git a/fs/ioctl.c b/fs/ioctl.c
> index 5d01d2638ca5..c963d82b0de8 100644
> --- a/fs/ioctl.c
> +++ b/fs/ioctl.c
> @@ -55,8 +55,6 @@ static int ioctl_fibmap(struct file *filp, int __user *p)
> /* do we support this mess? */
> if (!mapping->a_ops->bmap)
> return -EINVAL;
> - if (!capable(CAP_SYS_RAWIO))
> - return -EPERM;
> res = get_user(block, p);
> if (res)
> return res;
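
Review bot: Once the two `capable()` lines are gone, nothing near the `/* do we support this mess? */` comment records that FIBMAP is deliberately callable without privilege, so a later cleanup could quietly reintroduce the check. Suggest a one-line comment above `res = get_user(block, p);` saying that no capability is required and why (parity with FIEMAP, per the commit message), and mentioning the userspace-visible change, that callers no longer get -EPERM, in the changelog.
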
> --
> 1.9.1