lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <099e3ef2bf3a9ab2a1d545b65ba15fad359f2c03.1499805487.git.ernesto.mnd.fernandez@gmail.com>
Date:   Wed, 12 Jul 2017 06:54:19 -0300
From:   Ernesto A. Fernández 
        <ernesto.mnd.fernandez@...il.com>
To:     Jan Kara <jack@...e.com>, Theodore Ts'o <tytso@....edu>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        Dave Kleikamp <shaggy@...nel.org>, linux-ext4@...r.kernel.org,
        jfs-discussion@...ts.sourceforge.net,
        reiserfs-devel@...r.kernel.org
Subject: [PATCH 2/5] ext2: preserve i_mode if ext2_set_acl() fails

When changing a file's acl mask, ext2_set_acl() will first set the group
bits of i_mode to the value of the mask, and only then set the actual
extended attribute representing the new acl.

If the second part fails (due to lack of space, for example) and the file
had no acl attribute to begin with, the system will from now on assume
that the mask permission bits are actual group permission bits, potentially
granting access to the wrong users.

Prevent this by only changing the inode mode after the acl has been set.

Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@...il.com>
---
A line in acl.c is too long, and checkpatch.pl complains about it when run
against this patch. In case it matters, the next patch will fix that.

 fs/ext2/acl.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c
index 79dafa7..4e04b7e 100644
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -185,16 +185,17 @@ ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
 	void *value = NULL;
 	size_t size = 0;
 	int error;
+	int update_mode = 0;
+	umode_t mode = inode->i_mode;
 
 	switch(type) {
 		case ACL_TYPE_ACCESS:
 			name_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;
 			if (acl) {
-				error = posix_acl_update_mode(inode, &inode->i_mode, &acl);
+				error = posix_acl_update_mode(inode, &mode, &acl);
 				if (error)
 					return error;
-				inode->i_ctime = current_time(inode);
-				mark_inode_dirty(inode);
+				update_mode = 1;
 			}
 			break;
 
@@ -216,8 +217,14 @@ ext2_set_acl(struct inode *inode, struct posix_acl *acl, int type)
 	error = ext2_xattr_set(inode, name_index, "", value, size, 0);
 
 	kfree(value);
-	if (!error)
+	if (!error) {
 		set_cached_acl(inode, type, acl);
+		if (update_mode) {
+			inode->i_mode = mode;
+			inode->i_ctime = current_time(inode);
+			mark_inode_dirty(inode);
+		}
+	}
 	return error;
 }
 
-- 
2.1.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ