| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <406c292988bbf9cab8eb8b83e290c1f44151f76f.1200905287.git.swhiteho@redhat.com>
Date: Mon, 21 Jan 2008 09:21:45 +0000
From: swhiteho@...hat.com
To: linux-kernel@...r.kernel.org, cluster-devel@...hat.com
Cc: "Ryan O'Hara" <rohara@...hat.com>,
Steven Whitehouse <swhiteho@...hat.com>
Subject: [PATCH 27/58] [GFS2] remove unnecessary permission checks
From: Ryan O'Hara <rohara@...hat.com>
Remove read/write permission() checks from xattr operations.
VFS layer is already handling permission for xattrs via the
xattr_permission() call, so there is no need for gfs2 to
check permissions. Futhermore, using permission() for SELinux
xattrs ops is incorrect.
Signed-off-by: Ryan O'Hara <rohara@...hat.com>
Signed-off-by: Steven Whitehouse <swhiteho@...hat.com>
diff --git a/fs/gfs2/eaops.c b/fs/gfs2/eaops.c
index aa8dbf3..ef91b6e 100644
--- a/fs/gfs2/eaops.c
+++ b/fs/gfs2/eaops.c
@@ -59,9 +59,6 @@ unsigned int gfs2_ea_name2type(const char *name, const char **truncated_name)
static int user_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
struct inode *inode = &ip->i_inode;
- int error = permission(inode, MAY_READ, NULL);
- if (error)
- return error;
return gfs2_ea_get_i(ip, er);
}
@@ -70,14 +67,6 @@ static int user_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
struct inode *inode = &ip->i_inode;
- if (S_ISREG(inode->i_mode) ||
- (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
- int error = permission(inode, MAY_WRITE, NULL);
- if (error)
- return error;
- } else
- return -EPERM;
-
return gfs2_ea_set_i(ip, er);
}
@@ -85,14 +74,6 @@ static int user_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
struct inode *inode = &ip->i_inode;
- if (S_ISREG(inode->i_mode) ||
- (S_ISDIR(inode->i_mode) && !(inode->i_mode & S_ISVTX))) {
- int error = permission(inode, MAY_WRITE, NULL);
- if (error)
- return error;
- } else
- return -EPERM;
-
return gfs2_ea_remove_i(ip, er);
}
@@ -108,8 +89,6 @@ static int system_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
GFS2_ACL_IS_DEFAULT(er->er_name, er->er_name_len)))
return -EOPNOTSUPP;
-
-
return gfs2_ea_get_i(ip, er);
}
@@ -173,9 +152,6 @@ static int system_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
struct inode *inode = &ip->i_inode;
- int error = permission(inode, MAY_READ, NULL);
- if (error)
- return error;
return gfs2_ea_get_i(ip, er);
}
@@ -183,9 +159,6 @@ static int security_eo_get(struct gfs2_inode *ip, struct gfs2_ea_request *er)
static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
struct inode *inode = &ip->i_inode;
- int error = permission(inode, MAY_WRITE, NULL);
- if (error)
- return error;
return gfs2_ea_set_i(ip, er);
}
@@ -193,9 +166,6 @@ static int security_eo_set(struct gfs2_inode *ip, struct gfs2_ea_request *er)
static int security_eo_remove(struct gfs2_inode *ip, struct gfs2_ea_request *er)
{
struct inode *inode = &ip->i_inode;
- int error = permission(inode, MAY_WRITE, NULL);
- if (error)
- return error;
return gfs2_ea_remove_i(ip, er);
}
--
1.5.1.2
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists