zed.8: don't pretend an unprivileged user could change the script owner
And add a note on /why/ ZEDLETs need to be owned by root

Quoth chown(2), Linux man-pages project:
  Only a privileged process (Linux: one with the CAP_CHOWN capability)
  may change the owner of a file.

Quoth chown(2), FreeBSD:
     [EPERM]  The operation would change the ownership,
              but the effective user ID is not the super-user.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes openzfs#11834
nabijaczleweli authored and RageLtMan committed May 31, 2021
1 parent 0eb4155 commit 85d2e77
Showing 2 changed files with 4 additions and 11 deletions.
2 changes: 0 additions & 2 deletions cmd/zed/zed_conf.c
Expand Up @@ -324,8 +324,6 @@ zed_conf_parse_opts(struct zed_conf *zcp, int argc, char **argv)
*
* Return 0 on success with an updated set of zedlets,
* or -1 on error with errno set.
*
* FIXME: Check if zedlet_dir and all parent dirs are secure.
*/
int
zed_conf_scan_dir(struct zed_conf *zcp)
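
Review bot: The FIXME in the comment above zed_conf_scan_dir() is deleted, but this file has 0 additions, so the check it asked for (zedlet_dir and all parent dirs being secure) is still not performed, and the reason it is considered unnecessary lives only in the commit message. Suggest replacing the FIXME with a short comment stating that directory ownership is deliberately not checked and that safety rests on the per-ZEDLET owner and mode requirements, so a later reader of this function does not have to dig through history to learn that.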
13 changes: 4 additions & 9 deletions man/man8/zed.8.in
Expand Up @@ -117,9 +117,10 @@ ZEDLETs to be invoked in response to zevents are located in the
\fIenabled-zedlets\fR directory. These can be symlinked or copied from the
\fIinstalled-zedlets\fR directory; symlinks allow for automatic updates
from the installed ZEDLETs, whereas copies preserve local modifications.
As a security measure, ZEDLETs must be owned by root. They must have
execute permissions for the user, but they must not have write permissions
for group or other. Dotfiles are ignored.
As a security measure, since ownership change is a privileged operation,
ZEDLETs must be owned by root. They must have execute permissions for the user,
but they must not have write permissions for group or other.
Dotfiles are ignored.
.PP
ZEDLETs are named after the zevent class for which they should be invoked.
In particular, a ZEDLET will be invoked for a given zevent if either its
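
Review bot: The added clause "since ownership change is a privileged operation" leaves the reader to work out how it justifies the root-ownership requirement. Suggest spelling the link out, for example "Since only a privileged process can change a file's owner, a root-owned ZEDLET cannot have been put in place by an unprivileged user." The same paragraph says ZEDLETs may be symlinked from installed-zedlets but does not say whether the ownership and mode requirements apply to the link or to its target; one sentence on that would help.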
Expand Down Expand Up @@ -231,12 +232,6 @@ Terminate the daemon.

.SH BUGS
.PP
The ownership and permissions of the \fIenabled-zedlets\fR directory (along
with all parent directories) are not checked. If any of these directories
are improperly owned or permissioned, an unprivileged user could insert a
ZEDLET to be executed as root. The requirement that ZEDLETs be owned by
root mitigates this to some extent.
.PP
ZEDLETs are unable to return state/status information to the kernel.
.PP
Some zevent nvpair types are not handled. These are denoted by zevent
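
Review bot: Removing the whole first BUGS paragraph also removes the only statement that the ownership and permissions of enabled-zedlets and its parent directories are not checked, which remains true because this commit adds no such check. The commit message disputes only the claim that an unprivileged user could insert a ZEDLET to be executed as root, so consider dropping that sentence alone and keeping a note, here or next to the ZEDLET ownership requirement, that these directories are not checked and should be writable only by root.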