Message-Id: <1233886486.3135.0.camel@localhost.localdomain>
Date:	Thu, 05 Feb 2009 21:14:46 -0500
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	James Morris <jmorris@...ei.org>
Cc:	Al Viro <viro@....linux.org.uk>, linux-kernel@...r.kernel.org
Subject: Re: [MERGE] integrity / vfs merge conflict resolved

On Fri, 2009-02-06 at 11:05 +1100, James Morris wrote: 
> I manually resolved a conflict between Linus and 
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
> 
> as follows (please review).

It looks fine.

> commit cb5629b10d64a8006622ce3a52bc887d91057d69
> Merge: 8920d5a... f01d1d5...
> Author: James Morris <jmorris@...ei.org>
> Date:   Fri Feb 6 11:01:45 2009 +1100
> 
>     Merge branch 'master' into next
>     
>     Conflicts:
>     	fs/namei.c
>     
>     Manually merged per:
>     
>     diff --cc fs/namei.c
>     index 734f2b5,bbc15c2..0000000
>     --- a/fs/namei.c
>     +++ b/fs/namei.c
>     @@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char
>       		nd->flags |= LOOKUP_CONTINUE;
>       		err = exec_permission_lite(inode);
>       		if (err == -EAGAIN)
>     - 			err = vfs_permission(nd, MAY_EXEC);
>     + 			err = inode_permission(nd->path.dentry->d_inode,
>     + 					       MAY_EXEC);
>      +		if (!err)
>      +			err = ima_path_check(&nd->path, MAY_EXEC);
>        		if (err)
>       			break;
>     
>     @@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc
>       		flag &= ~O_TRUNC;
>       	}
>     
>     - 	error = vfs_permission(nd, acc_mode);
>     + 	error = inode_permission(inode, acc_mode);
>       	if (error)
>       		return error;
>      +
>     - 	error = ima_path_check(&nd->path,
>     ++	error = ima_path_check(path,
>      +			       acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
>      +	if (error)
>      +		return error;
>       	/*
>       	 * An append-only file must be opened in append mode for writing.
>       	 */
>     
>     Signed-off-by: James Morris <jmorris@...ei.org>
> 
> diff --cc fs/exec.c
> index 9c789a5,0dd60a0..febfd8e
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@@ -128,12 -123,10 +124,13 @@@ SYSCALL_DEFINE1(uselib, const char __us
>   	if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
>   		goto exit;
>   
> - 	error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN);
> + 	error = inode_permission(nd.path.dentry->d_inode,
> + 				 MAY_READ | MAY_EXEC | MAY_OPEN);
>   	if (error)
>   		goto exit;
>  +	error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC | MAY_OPEN);
>  +	if (error)
>  +		goto exit;
>   
>   	file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
>   	error = PTR_ERR(file);
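Review bot: The mask handed to `ima_path_check()` in uselib still carries `MAY_OPEN`, while the may_open() hunk in fs/namei.c strips the mask down to `MAY_READ | MAY_WRITE | MAY_EXEC` before making the same call; the open_exec() hunk that follows has the same difference. ima_path_check() is not visible in this diff, so whether it ignores extra bits cannot be confirmed from here. Passing the same filtered mask at every call site would keep the integrity hook from depending on that: `error = ima_path_check(&nd.path, MAY_READ | MAY_EXEC);` here and `err = ima_path_check(&nd.path, MAY_EXEC);` in open_exec(). Both functions continue outside their hunks.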
> @@@ -684,12 -671,9 +675,12 @@@ struct file *open_exec(const char *name
>   	if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
>   		goto out_path_put;
>   
> - 	err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN);
> + 	err = inode_permission(nd.path.dentry->d_inode, MAY_EXEC | MAY_OPEN);
>   	if (err)
>   		goto out_path_put;
>  +	err = ima_path_check(&nd.path, MAY_EXEC | MAY_OPEN);
>  +	if (err)
>  +		goto out_path_put;
>   
>   	file = nameidata_to_filp(&nd, O_RDONLY|O_LARGEFILE);
>   	if (IS_ERR(file))
> diff --cc fs/namei.c
> index 734f2b5,bbc15c2..1993176
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char 
>   		nd->flags |= LOOKUP_CONTINUE;
>   		err = exec_permission_lite(inode);
>   		if (err == -EAGAIN)
> - 			err = vfs_permission(nd, MAY_EXEC);
> + 			err = inode_permission(nd->path.dentry->d_inode,
> + 					       MAY_EXEC);
>  +		if (!err)
>  +			err = ima_path_check(&nd->path, MAY_EXEC);
>    		if (err)
>   			break;
>   
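Review bot: The `if (!err)` guarding `ima_path_check()` sits at the same level as `if (err == -EAGAIN)`, so the integrity check runs for every path component, including when `exec_permission_lite()` already succeeded; with the brace-less nesting above it, this is easy to misread as part of the fallback only. A short comment such as `/* runs after both the lite and the full permission check */` would make that explicit. The fallback also passes `nd->path.dentry->d_inode` while the line above it uses the local `inode`; if both name the same object at this point (the assignment is outside the hunk), using `inode` in both calls would rule out checking two different inodes. The loop body starts and ends outside the hunk.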
> @@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc
>   		flag &= ~O_TRUNC;
>   	}
>   
> - 	error = vfs_permission(nd, acc_mode);
> + 	error = inode_permission(inode, acc_mode);
>   	if (error)
>   		return error;
>  +
> - 	error = ima_path_check(&nd->path,
> ++	error = ima_path_check(path,
>  +			       acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
>  +	if (error)
>  +		return error;
>   	/*
>   	 * An append-only file must be opened in append mode for writing.
>   	 */
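Review bot: Nothing in may_open() documents why `ima_path_check()` sees a narrower mask than `inode_permission()`: the permission check gets the full `acc_mode`, the integrity check only `acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)`. A one-line comment above the call, for example `/* IMA is given only the read/write/exec bits of acc_mode */`, would record that the filtering is deliberate. If the filtered value can be 0 on this path, the comment should also say whether the hook is expected to accept an empty mask; ima_path_check() is not shown, so that needs confirming against its definition. The function starts and ends outside the hunk.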
> 
> 
