Date: Sun, 11 Feb 2007 22:01:50 -0800
From: Andreas Gruenbacher <agruen@...e.de>
To: akpm@...ux-foundation.org
Cc: torvalds@...ux-foundation.org, hugh@...itas.com, linux-ext4@...r.kernel.org, tigran@...azian.fsnet.co.uk
Subject: Re: [patch 206/241] fix umask when noACL kernel meets extN tuned for ACLs

On Saturday 10 February 2007 01:46, akpm@...ux-foundation.org wrote:
> From: Hugh Dickins <hugh@...itas.com>
>
> Fix insecure default behaviour reported by Tigran Aivazian: if an ext2 or
> ext3 or ext4 filesystem is tuned to mount with "acl", but mounted by a
> kernel built without ACL support, then umask was ignored when creating
> inodes - though root or user has umask 022, touch creates files as 0666,
> and mkdir creates directories as 0777.
>
> This appears to have worked right until 2.6.11, when a fix to the default
> mode on symlinks (always 0777) assumed VFS applies umask: which it does,
> unless the mount is marked for ACLs; but ext[234] set MS_POSIXACL in
> s_flags according to s_mount_opt set according to def_mount_opts.
>
> We could revert to the 2.6.10 ext[234]_init_acl (adding an S_ISLNK test);
> but other filesystems only set MS_POSIXACL when ACLs are configured. We
> could fix this at another level; but it seems most robust to avoid setting
> the s_mount_opt flag in the first place (at the expense of more ifdefs).
>
> Likewise don't set the XATTR_USER flag when built without XATTR support.
>
> Signed-off-by: Hugh Dickins <hugh@...itas.com>
> Cc: Tigran Aivazian <tigran@...azian.fsnet.co.uk>
> Cc: <linux-ext4@...r.kernel.org>
> Cc: Andreas Gruenbacher <agruen@...e.de>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>

Ack -- and thanks for this fix!

Andreas
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
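
A userspace check for the symptom described in the quoted commit message (files created as 0666 and directories as 0777 under umask 022), given here as an added example that is not part of the original message or the kernel patch. The helper name `umask_honoured` and the scratch directory name are assumptions made for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* umask_honoured() is a hypothetical helper name (assumption, not kernel code).
 * Returns 1 if new inodes under `dir` honour umask 022, 0 if the umask was
 * ignored (files 0666 / directories 0777), -1 on error.
 * Caveat: a default ACL on `dir` legitimately overrides the umask. */
int umask_honoured(const char *dir)
{
    char base[4096], f[4200], d[4200];
    struct stat sf, sd;
    int n, fd, mk, ok = -1;
    mode_t old;

    /* Private scratch directory; the name pattern is constructed for this example. */
    n = snprintf(base, sizeof base, "%s/umaskchk.%ld", dir, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof base || mkdir(base, 0700) != 0)
        return -1;
    snprintf(f, sizeof f, "%s/file", base);
    snprintf(d, sizeof d, "%s/dir", base);

    old = umask(022);
    fd = open(f, O_CREAT | O_EXCL | O_WRONLY, 0666); /* mode touch(1) requests */
    mk = mkdir(d, 0777);                             /* mode mkdir(1) requests */
    umask(old);

    if (fd >= 0 && mk == 0 && stat(f, &sf) == 0 && stat(d, &sd) == 0)
        ok = (sf.st_mode & 0777) == 0644 && (sd.st_mode & 0777) == 0755;

    if (fd >= 0) { close(fd); unlink(f); }
    if (mk == 0) rmdir(d);
    rmdir(base);
    return ok;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/tmp";
    int r = umask_honoured(dir);

    printf("%s: %s\n", dir, r == 1 ? "umask honoured" :
                            r == 0 ? "umask IGNORED" : "error");
    return r == 1 ? 0 : 1;
}
```

Pass a directory on the ext2/ext3/ext4 mount to be checked as the first argument; the program exits non-zero when the created modes do not reflect the umask.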