From: Thomas Lamprecht
To: pbs-devel@lists.proxmox.com
Date: Tue, 6 Oct 2020 12:08:54 +0200
Message-Id: <20201006100854.18897-3-t.lamprecht@proxmox.com>
In-Reply-To: <20201006100854.18897-1-t.lamprecht@proxmox.com>
References: <20201006100854.18897-1-t.lamprecht@proxmox.com>
Subject: [pbs-devel] [PATCH backup 3/3] server: add Datastore.Allocate privilege
List-Id: Proxmox Backup Server development discussion

Previously only Datastore.Modify was required for creating a new datastore.
But that endpoint allows one to pass an arbitrary path, of which all parent
directories will be created; this can allow any user with the "Datastore Admin"
role on "/datastores" to do some damage to the system.

Further, it is effectively a side channel for revealing the system's directory
structure through educated guessing and error handling.

Add a new privilege "Datastore.Allocate" which, for now, is used specifically
for the create datastore API endpoint. Add it only to the "Admin" role.

Signed-off-by: Thomas Lamprecht
---
 src/api2/config/datastore.rs | 4 ++--
 src/config/acl.rs            | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/api2/config/datastore.rs b/src/api2/config/datastore.rs
index 07ca4ab8..140af833 100644
--- a/src/api2/config/datastore.rs
+++ b/src/api2/config/datastore.rs
@@ -11,7 +11,7 @@ use crate::api2::types::*; use crate::backup::*; use crate::config::cached_user_info::CachedUserInfo; use crate::config::datastore::{self, DataStoreConfig, DIR_NAME_SCHEMA}; -use crate::config::acl::{PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY}; +use crate::config::acl::{PRIV_DATASTORE_ALLOCATE, PRIV_DATASTORE_AUDIT, PRIV_DATASTORE_MODIFY}; #[api( input: { @@ -106,7 +106,7 @@ pub fn list_datastores( }, }, access: { - permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_MODIFY, false), + permission: &Permission::Privilege(&["datastore"], PRIV_DATASTORE_ALLOCATE, false), }, )] /// Create new datastore config. diff --git a/src/config/acl.rs b/src/config/acl.rs index 67f61976..39f9d030 100644 --- a/src/config/acl.rs +++ b/src/config/acl.rs @@ -27,6 +27,7 @@ constnamedbitmap! { PRIV_SYS_POWER_MANAGEMENT("Sys.PowerManagement"); PRIV_DATASTORE_AUDIT("Datastore.Audit"); + PRIV_DATASTORE_ALLOCATE("Datastore.Allocate"); PRIV_DATASTORE_MODIFY("Datastore.Modify"); PRIV_DATASTORE_READ("Datastore.Read");
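Review bot: in the `access` hunk of src/api2/config/datastore.rs, the `/// Create new datastore config.` doc comment that follows the changed `permission:` line still says nothing about the privilege now required, and the path this endpoint accepts remains unrestricted: swapping `PRIV_DATASTORE_MODIFY` for `PRIV_DATASTORE_ALLOCATE` on `&["datastore"]` narrows who may call it, but any caller holding Datastore.Allocate can still have every parent of an arbitrary path created, which is exactly the behaviour the commit message describes. Suggest mentioning the new requirement in the doc comment and, as a follow-up, constraining the accepted path; the `DIR_NAME_SCHEMA` import already present in this file suggests the schema machinery is at hand for that.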
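Review bot: the commit message says the new privilege is added only to the "Admin" role, but the src/config/acl.rs hunk only adds the `PRIV_DATASTORE_ALLOCATE("Datastore.Allocate");` entry to the `constnamedbitmap!` list and touches no role definition (the diffstat shows a single insertion in acl.rs). If Admin is defined as every bit set, that implicit inclusion is worth stating in the message; otherwise the role change is missing from this patch. Separately, inserting the entry between `PRIV_DATASTORE_AUDIT` and `PRIV_DATASTORE_MODIFY` renumbers every privilege bit that follows it; that is harmless if bit values are only ever derived from the names at compile time and never persisted, but appending the entry at the end of the list would avoid having to reason about it.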
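As an added example, not part of this patch or of the Proxmox Backup Server code base: the commit message describes an endpoint that will create every parent of an arbitrary caller-supplied path, which both risks damage to the host and lets a caller map its directory layout from the errors that come back. The patch closes this by requiring a separate privilege. A complementary control, shown below in Rust, is to confine the requested path to a base directory before anything touches the filesystem and to return a single uniform error for every rejection, so the error itself carries no information about what exists. The base directory `/mnt/datastore`, the function and type names, and the rejection of dot-prefixed segments are all assumptions made for this example.

```rust
use std::path::{Component, Path, PathBuf};

/// The one error returned for every rejected request. It deliberately
/// carries no detail, so a caller cannot tell "outside the base" from
/// "parent does not exist" from "permission denied" and probe the layout.
#[derive(Debug, PartialEq, Eq)]
pub struct InvalidDatastorePath;

/// Lexically normalise `requested` and confirm it is a proper descendant
/// of `base`. This does no filesystem access on purpose: a check that
/// canonicalises against the real tree would itself be an existence oracle.
/// (Example policy, not the project's: base directory and dot-file rule are assumptions.)
pub fn confine_datastore_path(base: &Path, requested: &str) -> Result<PathBuf, InvalidDatastorePath> {
    let requested = Path::new(requested);
    if !requested.is_absolute() {
        return Err(InvalidDatastorePath);
    }

    let mut normalized = PathBuf::new();
    for comp in requested.components() {
        match comp {
            Component::RootDir => normalized.push("/"),
            Component::Normal(seg) => {
                // Reject non-UTF-8, empty and dot-prefixed segments (assumed policy).
                let s = seg.to_str().ok_or(InvalidDatastorePath)?;
                if s.is_empty() || s.starts_with('.') {
                    return Err(InvalidDatastorePath);
                }
                normalized.push(seg);
            }
            // `..`, `.` and drive prefixes are refused rather than resolved, so
            // "/mnt/datastore/../etc/pbs" is never turned into "/etc/pbs".
            Component::ParentDir | Component::CurDir | Component::Prefix(_) => {
                return Err(InvalidDatastorePath);
            }
        }
    }

    // `starts_with` on Path compares whole components, so "/mnt/datastore2"
    // does not pass for base "/mnt/datastore". The base itself is not a store.
    if normalized == base || !normalized.starts_with(base) {
        return Err(InvalidDatastorePath);
    }
    Ok(normalized)
}

/// Confine first, then create. The io::Error detail is dropped before it
/// reaches the caller; a real server would log it server-side instead.
pub fn allocate_datastore(base: &Path, requested: &str) -> Result<PathBuf, InvalidDatastorePath> {
    let path = confine_datastore_path(base, requested)?;
    std::fs::create_dir_all(&path).map_err(|_| InvalidDatastorePath)?;
    Ok(path)
}

fn main() {
    let base = Path::new("/mnt/datastore");
    // Constructed sample requests: one legitimate, two that would escape the base.
    for req in ["/mnt/datastore/store1", "/mnt/datastore/../etc/pbs", "/etc/proxmox-backup"] {
        println!("{:?} -> {:?}", req, confine_datastore_path(base, req));
    }
    // A real allocation, confined to a scratch directory under the OS temp dir.
    let scratch = std::env::temp_dir().join("pbs-allocate-demo");
    let wanted = scratch.join("store1");
    println!("{:?}", allocate_datastore(&scratch, wanted.to_str().expect("utf-8 path")));
}
```

The check works on the string alone and never calls `canonicalize`, because resolving against the live filesystem would re-introduce the very side channel being removed: the function must behave identically whether or not `/etc/pbs` exists. Privilege gating, as the patch does, and path confinement, as shown here, address different halves of the problem and are worth having together.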