| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Feb 2008 11:23:47 +0100
From: Miklos Szeredi <miklos@...redi.hu>
To: akpm@...ux-foundation.org
CC: linux-kernel@...r.kernel.org, stable@...nel.org
Subject: [patch] fuse: fix permission checking
This is for 2.6.25 and 2.6.24.y, but NOT for 2.6.23.y.
Thanks,
Miklos
----
From: Miklos Szeredi <mszeredi@...e.cz>
I added a nasty local variable shadowing bug to fuse in 2.6.24, with
the result, that the 'default_permissions' mount option is basically
ignored.
How did this happen?
- old err declaration in inner scope
- new err getting declared in outer scope
- 'return err' from inner scope getting removed
- old declaration not being noticed
-Wshadow would have saved us, but it doesn't seem practical for
the kernel :(
More testing would have also saved us :((
Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
---
Index: linux/fs/fuse/dir.c
===================================================================
--- linux.orig/fs/fuse/dir.c 2008-02-15 10:46:06.000000000 +0100
+++ linux/fs/fuse/dir.c 2008-02-15 11:05:46.000000000 +0100
@@ -906,7 +906,7 @@ static int fuse_permission(struct inode
}
if (fc->flags & FUSE_DEFAULT_PERMISSIONS) {
- int err = generic_permission(inode, mask, NULL);
+ err = generic_permission(inode, mask, NULL);
/* If permission is denied, try to refresh file
attributes. This is also needed, because the root
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists