| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Dec 2009 06:08:51 -0700
From: Eric Blake <ebb9@....net>
To: Andrew Morton <akpm@...ux-foundation.org>
CC: bugzilla-daemon@...zilla.kernel.org,
bugme-daemon@...zilla.kernel.org,
Ulrich Drepper <drepper@...hat.com>,
Alexey Dobriyan <adobriyan@...il.com>,
Michael Kerrisk <mtk.manpages@...glemail.com>,
linux-kernel@...r.kernel.org
Subject: Re: [Bugme-new] [Bug 14832] New: futimens (AT_FDCWD, arg) should
fail
According to Andrew Morton on 12/22/2009 3:31 PM:
> Confused.
>
> : long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags)
> : {
> : int error = -EINVAL;
> :
> : if (times && (!nsec_valid(times[0].tv_nsec) ||
> : !nsec_valid(times[1].tv_nsec))) {
> : goto out;
> : }
> :
> : if (flags & ~AT_SYMLINK_NOFOLLOW)
> : goto out;
> :
> : if (filename == NULL && dfd != AT_FDCWD) {
> : struct file *file;
> :
> : if (flags & AT_SYMLINK_NOFOLLOW)
> : goto out;
> :
> : file = fget(dfd);
> : error = -EBADF;
> : if (!file)
> : goto out;
> :
>
> afacit, if filename==NULL and dfd==-1 then fget() will return NULL and
> the syscall returns -EBAFD.
Yes, that's true if dfd==-1. But My complaint was not about dfd==-1, but
about dfd==AT_FDCWD, in which case, this block of code is skipped, and you
end up operating on the current directory ".". My point is that the line:
if (filename == NULL && dfd != AT_FDCWD) {
should probably be:
if (filename == NULL) {
assuming that fget(AT_FDCWD) likewise fails.
>
> Your report doesn't tell us what kernel version you're testing. We did
> fix a few things ni this area, but it was a long time ago.
Yesterday, Ulrich patched glibc to avoid the issue from the library side
of things (I first raised the report against glibc 2 months ago, along
with a proposed patch:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10992). But there is
still the case of newer kernels and unpatched glibc, where it would also
be nice to patch the kernel. I reproduced the bug on
2.6.31.6-166.fc12.i686, where this test (part of coreutils' configure
script) failed with status 2:
| #include <fcntl.h>
| #include <sys/stat.h>
| #include <unistd.h>
|
| int
| main ()
| {
| struct timespec ts[2] = { { 1, UTIME_OMIT }, { 1, UTIME_NOW } };
| int fd = creat ("conftest.file", 0600);
| struct stat st;
| if (fd < 0) return 1;
| if (futimens (AT_FDCWD, NULL)) return 2;
| if (futimens (fd, ts)) return 3;
| sleep (1);
| ts[0].tv_nsec = UTIME_NOW;
| ts[1].tv_nsec = UTIME_OMIT;
| if (futimens (fd, ts)) return 4;
| if (fstat (fd, &st)) return 5;
| if (st.st_ctime < st.st_atime) return 6;
|
| ;
| return 0;
| }
--
Don't work too hard, make some time for fun as well!
Eric Blake ebb9@....net
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists