lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 06 May 2008 10:49:58 +0200
From:	Miklos Szeredi <miklos@...redi.hu>
To:	hirofumi@...l.parknet.co.jp
CC:	miklos@...redi.hu, akpm@...ux-foundation.org, hch@...radead.org,
	viro@...IV.linux.org.uk, linux-kernel@...r.kernel.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [patch 08/15] fat: dont call notify_change

> > From: Miklos Szeredi <mszeredi@...e.cz>
> >
> > The FAT_IOCTL_SET_ATTRIBUTES ioctl() calls notify_change() to change
> > the file mode before changing the inode attributes.  Replace with
> > explicit call to fat_setattr().
> >
> > This is equivalent, except that security_inode_setattr() is not called
> > before fat_setattr().  I think this is not needed, since the mode
> > change is just a side effect of the attribute change.
> >
> > Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
> > CC: OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>
> 
> Looks good. I'm not sure about the intent of security_inode_setattr()
> though.

security_inode_setattr() will call into the security module (selinux,
smack, apparmor) to check if the file mode change is permitted or not.
It's not really applicable to this case, since AFAICS the mode change
here is just a side effect of the attribute change.

If it's not just a side effect, but another way to change the file
mode, then the whole code is very wrong.  chmod() is perfectly fine
for changing the file mode, there's no need for a separate ioctl to
perform exactly the same task.

Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ