| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Nov 2006 11:27:41 -0800 From: Andrew Morton <akpm@...l.org> To: Andreas Gruenbacher <agruen@...e.de> Cc: linux-kernel@...r.kernel.org, Gerard Neil <xyzzy@...ferret.org>, Dave Kleikamp <shaggy@...tin.ibm.com>, Linus Torvalds <torvalds@...l.org> Subject: Re: [PATCH] Fix user.* xattr permission check for sticky dirs On Thu, 2 Nov 2006 17:24:02 +0100 Andreas Gruenbacher <agruen@...e.de> wrote: > The user.* extended attributes are only allowed on regular files and > directories. Sticky directories further restrict write access to the > owner and privileged users. (See the attr(5) man page for an > explanation.) > > The original check in ext2/ext3 when user.* xattrs were merged was more > restrictive than intended, and when the xattr permission checks were moved > into the VFS, read access to user.* attributes on sticky directores ended up > being denied in addition. Am struggling to understand the impact of this. I assume this problem was introduced on Jan 9 by e0ad7b073eb7317e5afe0385b02dcb1d52a1eedf "move xattr permission checks into the VFS"? If so, the fix is applicable to 2.6.18, 2.6.19 and of course 2.6.20. But to which of those should it be applied? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists