lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 20 Jul 2006 23:09:01 +0200
From:	Björn Steinbrink <B.Steinbrink@....de>
To:	Kari Hurtta <hurtta+gmane@...lo.fmi.fi>
Cc:	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [RFC/PATCH] revoke/frevoke system calls

On 2006.07.20 23:02:53 +0300, Kari Hurtta wrote:
> Pekka J Enberg <penberg@...Helsinki.FI> writes in
> gmane.linux.file-systems,gmane.linux.kernel:
> 
> > From: Pekka Enberg <penberg@...helsinki.fi>
> > 
> > This patch implements the revoke(2) and frevoke(2) system calls for all
> > types of files. We revoke files in two passes: first we scan all open 
> > files that refer to the inode and substitute the struct file pointer in fd 
> > table with NULL causing all subsequent operations on that fd to fail. 
> > After we have done that to all file descriptors, we close the files and 
> > take down mmaps.
> > 
> > Note that now we need to unconditionally do fput/fget in sys_write and
> > sys_read because they race with do_revoke.
> > 
> > Signed-off-by: Pekka Enberg <penberg@...helsinki.fi>
> 
> What permissions is needed revoke access of other users open
> files ?
> 
> > +asmlinkage int sys_revoke(const char __user *filename)
> > +{
> > +	int err;
> > +	struct nameidata nd;
> > +
> > +	err = __user_walk(filename, 0, &nd);
> > +	if (!err) {
> > +		err = do_revoke(nd.dentry->d_inode, NULL);
> > +		path_release(&nd);
> > +	}
> > +	return err;
> > +}
> > +
> > +asmlinkage int sys_frevoke(unsigned int fd)
> > +{
> > +	struct file *file = fget(fd);
> > +	int err = -EBADF;
> > +
> > +	if (file) {
> > +		err = do_revoke(file->f_dentry->d_inode, file);
> > +		fput(file);
> > +	}
> > +	return err;
> > +}
> 
> Is that requiring only that user is able to refer file ?
> 
> 
> BSD manual page for revoke(2) seems say:
> 
>     Access to a file may be revoked only by its owner or the super user.

In do_revoke() there is:

+	if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER)) {
+		ret = -EPERM;
+		goto out;

That pretty much matches what the BSD manpage says.

Björn
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ