| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Jul 2007 19:31:12 +0100
From: Al Viro <viro@....linux.org.uk>
To: Ulrich Drepper <drepper@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Markus Trippelsdorf <markus@...ppelsdorf.de>,
Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: 2.6.22-rc6(mm1) Unable to handle kernel NULL pointer dereference - git-bisect result
On Sun, Jul 08, 2007 at 11:24:53AM -0700, Ulrich Drepper wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Linus Torvalds wrote:
> > notify_change() does *not* do permission checks for
> > ATTR_CTIME/MTIME/ATIME.
>
> Then I don't understand
>
> /* Check for setting the inode time. */
> if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) {
> if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))
> goto error;
> }
>
> in inode_change_ok. This seems to me exactly like the check needed.
Sigh... There are two operations.
1) set the timestamp to user-supplied value. Owner-only.
2) have the timestamp set to _now_. Obviously can be done not
only by the owner (think of e.g. write(2)); having write access is
sufficient.
ATTR_MTIME_SET is the former. ATTR_MTIME without ATTR_MTIME_SET is the
latter and that's what utimes(foo, NULL) ends up doing.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists