| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50EB7E44.1040707@asianux.com>
Date: Tue, 08 Jan 2013 10:02:44 +0800
From: Chen Gang <gang.chen@...anux.com>
To: Jan Kara <jack@...e.cz>
CC: akpm@...ux-foundation.org, adilger.kernel@...ger.ca,
Theodore Ts'o <tytso@....edu>, jaegeuk.kim@...sung.com,
dwmw2@...radead.org, torvalds@...ux-foundation.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
linux-mtd@...ts.infradead.org, reiserfs-devel@...r.kernel.org
Subject: Re: [PATCH v3] fs/ext*,f2fs,jffs2,reiserfs: give comments for acl
size and count calculation
于 2013年01月08日 03:20, Jan Kara 写道:
> On Fri 04-01-13 11:26:53, Chen Gang wrote:
>> >
>> > give comments (by Theodore Ts'o)
>> >
>> > ACL_USER_OBJ ACL_USER*[1] ACL_GROUP_OBJ ACL_GROUP*[1] ACL_MASK[2] ACL_OTHER
>> >
>> > [1] Where * is the regexp sense of "0 or more times"
>> > [2] Only if there is at least one ACL_USER or ACL_GROUP tag;
>> > otherwise skip ACL_MASK.
> Note that I actually updated the entry [2] to be more precise in my
> suggested comment. I wrote:
> [2] If ACL_USER or ACL_GROUP is present, then ACL_MASK must be present.
>
> Please use this formulation because the old version suggests ACL_MASK
> cannot be present if neither ACL_USER nor ACL_GROUP are present and that's
> not true. Otherwise your patch looks fine. Thanks!
according to the implementation of posix_acl_valid (contents at bottom).
new comments are more precise to match the implementation.
it means:
if new comments was incorrect, the implementation would be incorrect.
welcome another members (especially Theodore Ts'o) to giving confirmation or completion.
I should wait 2 days, before send patch v4 with new comments.
no additional reply within 2 days, means new comments is correct.
Regards
gchen.
76 int
77 posix_acl_valid(const struct posix_acl *acl)
78 {
79 const struct posix_acl_entry *pa, *pe;
80 int state = ACL_USER_OBJ;
81 kuid_t prev_uid = INVALID_UID;
82 kgid_t prev_gid = INVALID_GID;
83 int needs_mask = 0;
84
85 FOREACH_ACL_ENTRY(pa, acl, pe) {
86 if (pa->e_perm & ~(ACL_READ|ACL_WRITE|ACL_EXECUTE))
87 return -EINVAL;
88 switch (pa->e_tag) {
89 case ACL_USER_OBJ:
90 if (state == ACL_USER_OBJ) {
91 state = ACL_USER;
92 break;
93 }
94 return -EINVAL;
95
96 case ACL_USER:
97 if (state != ACL_USER)
98 return -EINVAL;
99 if (!uid_valid(pa->e_uid))
100 return -EINVAL;
101 if (uid_valid(prev_uid) &&
102 uid_lte(pa->e_uid, prev_uid))
103 return -EINVAL;
104 prev_uid = pa->e_uid;
105 needs_mask = 1;
106 break;
107
108 case ACL_GROUP_OBJ:
109 if (state == ACL_USER) {
110 state = ACL_GROUP;
111 break;
112 }
113 return -EINVAL;
114
115 case ACL_GROUP:
116 if (state != ACL_GROUP)
117 return -EINVAL;
118 if (!gid_valid(pa->e_gid))
119 return -EINVAL;
120 if (gid_valid(prev_gid) &&
121 gid_lte(pa->e_gid, prev_gid))
122 return -EINVAL;
123 prev_gid = pa->e_gid;
124 needs_mask = 1;
125 break;
126
127 case ACL_MASK:
128 if (state != ACL_GROUP)
129 return -EINVAL;
130 state = ACL_OTHER;
131 break;
132
133 case ACL_OTHER:
134 if (state == ACL_OTHER ||
135 (state == ACL_GROUP && !needs_mask)) {
136 state = 0;
137 break;
138 }
139 return -EINVAL;
140
141 default:
142 return -EINVAL;
143 }
144 }
145 if (state == 0)
146 return 0;
147 return -EINVAL;
148 }
--
Chen Gang
Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists