lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <201009271514.00279.agruen@suse.de> Date: Mon, 27 Sep 2010 15:14:00 +0200 From: Andreas Gruenbacher <agruen@...e.de> To: Jeff Layton <jlayton@...hat.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>, sfrench@...ibm.com, ffilz@...ibm.com, adilger@....com, sandeen@...hat.com, tytso@....edu, bfields@...i.umich.edu, linux-fsdevel@...r.kernel.org, nfsv4@...ux-nfs.org, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH -V4 08/11] vfs: Add new file and directory create permission flags On Friday 24 September 2010 17:54:23 Jeff Layton wrote: > On Fri, 24 Sep 2010 18:18:11 +0530 > "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com> wrote: > > @@ -2415,7 +2418,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de > > if (!inode) > > return -ENOENT; > > > > - error = may_create(dir, new_dentry); > > + error = may_create(dir, new_dentry, S_ISDIR(inode->i_mode)); > > ^^^^ this is a little > scary, but even if it's > a directory, it'll get > kicked out in a later > check. Would it be > clearer to move up the > S_ISDIR() check in this > function and then pass > this in as false? Ah, you mean this: --- a/fs/namei.c +++ b/fs/namei.c @@ -2450,7 +2450,9 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de if (!inode) return -ENOENT; - error = may_create(dir, new_dentry, S_ISDIR(inode->i_mode)); + if (S_ISDIR(inode->i_mode)) + return -EPERM; + error = may_create(dir, new_dentry, 0); if (error) return error; @@ -2464,8 +2466,6 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de return -EPERM; if (!dir->i_op->link) return -EPERM; - if (S_ISDIR(inode->i_mode)) - return -EPERM; error = security_inode_link(old_dentry, dir, new_dentry); if (error) This is a clear improvement; I don't think it matters that user-space will get -EPERM instead of -EXDEV when trying to hard-link a directory across devices. Thanks, Andreas -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists