public inbox for pbs-devel@lists.proxmox.com
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH backup 3/3] server: add Datastore.Allocate privilege
Date: Tue,  6 Oct 2020 12:08:54 +0200
Message-ID: <20201006100854.18897-3-t.lamprecht@proxmox.com>
In-Reply-To: <20201006100854.18897-1-t.lamprecht@proxmox.com>

Previously only Datastore.Modify was required for creating a new
datastore.

But that endpoint allows one to pass an arbitrary path, of which all
parent directories will be created; this can allow any user with the
"Datastore Admin" role on "/datastores" to do some damage to the
system. Further, it is effectively a side channel for revealing the
system's directory structure through educated guessing and error
handling.

Add a new privilege "Datastore.Allocate" which, for now, is used
specifically for the create datastore API endpoint.

Add it only to the "Admin" role.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 src/api2/config/datastore.rs | 4 ++--
 src/config/acl.rs            | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/api2/config/datastore.rs b/src/api2/config/datastore.rs
index 07ca4ab8..140af833 100644
--- a/src/api2/config/datastore.rs
+++ b/src/api2/config/datastore.rs
@@ -11,7 +11,7 @@ use crate::api2::types::*;
 use crate::backup::*;
 use crate::config::cached_user_info::CachedUserInfo;
 use crate::config::datastore::{self, DataStoreConfig, DIR_NAME_SCHEMA};
-use crate::config::acl::{PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
+use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY};
 
 #[api(
     input: {
@@ -106,7 +106,7 @@ pub fn list_datastores(
         },
     },
     access: {
-        permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_MODIFY, false),
+        permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_ALLOCATE, false),
     },
 )]
 /// Create new datastore config.
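Review bot: the doc comment under the changed `permission:` line still reads only "Create new datastore config." and does not say that the call now needs Datastore.Allocate instead of Datastore.Modify. Users who hold only Datastore.Modify on this path will start getting permission errors on create, so the requirement should be stated there or in the user-facing docs. The commit message names the ACL path "/datastores" while the check uses `&["datastore"]`; one of the two should be corrected so readers grant the privilege on the right path. Nothing in this hunk changes how the path argument is handled, so the parent-directory creation and the error-based probing described in the message stay available to every holder of Datastore.Allocate. A follow-up that validates or constrains the path would close that for them as well.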
diff --git a/src/config/acl.rs b/src/config/acl.rs
index 67f61976..39f9d030 100644
--- a/src/config/acl.rs
+++ b/src/config/acl.rs
@@ -27,6 +27,7 @@ constnamedbitmap! {
         PRIV_SYS_POWER_MANAGEMENT("Sys.PowerManagement");
 
         PRIV_DATASTORE_AUDIT("Datastore.Audit");
+        PRIV_DATASTORE_ALLOCATE("Datastore.Allocate");
         PRIV_DATASTORE_MODIFY("Datastore.Modify");
         PRIV_DATASTORE_READ("Datastore.Read");
 
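Review bot: `PRIV_DATASTORE_ALLOCATE` is inserted between `PRIV_DATASTORE_AUDIT` and `PRIV_DATASTORE_MODIFY` rather than appended. If `constnamedbitmap!` assigns bit positions from declaration order (patch 1/3 describes it as "more automatic"), every privilege declared after it changes numeric value. That is harmless if only the names are ever persisted or sent over the API, but it is worth confirming, or the new entry could go at the end of the list. Also, the commit message says the privilege is added only to the "Admin" role, yet the diffstat shows a single inserted line in src/config/acl.rs and no role definition is touched. A sentence in the message explaining how "Admin" picks it up, and that "Datastore Admin" intentionally does not, would make that verifiable from the patch.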

Thread overview: 4+ messages
2020-10-06 10:08 [pbs-devel] [PATCH proxmox 1/3] tools: change constnamemap to a more automatic constnamedbitmap Thomas Lamprecht
2020-10-06 10:08 ` [pbs-devel] [PATCH backup 2/3] acl: use modified constnamedbitmap macro Thomas Lamprecht
2020-10-06 10:08 ` Thomas Lamprecht [this message]
2020-10-08  7:12 ` [pbs-devel] applied: [PATCH proxmox 1/3] tools: change constnamemap to a more automatic constnamedbitmap Dietmar Maurer