| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 Jul 2009 14:27:20 -0500 From: Eric Sandeen <sandeen@...hat.com> To: Amerigo Wang <amwang@...hat.com> CC: linux-kernel@...r.kernel.org, akpm@...ux-foundation.org, Eugene Teo <eteo@...hat.com>, viro@...iv.linux.org.uk, Eric Paris <eparis@...hat.com> Subject: Re: [Patch] allow file truncations when both suid and write permissions set Eric Sandeen wrote: > Amerigo Wang wrote: >> When suid is set and the non-owner user has write permission, >> any writing into this file should be allowed and suid should be >> removed after that. >> >> However, current kernel only allows writing without truncations, >> when we do truncations on that file, we get EPERM. This is a bug. ... > So I think the main problem here is simply that we didn't set > ATTR_FORCE, right... > > Seems a little odd to |= with ret, -then- check if it's non-0. Maybe: > > /* Remove suid/sgid on truncate too */ > - newattrs.ia_valid |= should_remove_suid(dentry); > + ret = should_remove_suid(dentry); > + if (ret) > + newattrs.ia_valid |= (ret | ATTR_FORCE); > On second thought, and after talking w/ eparis, I think this probably needs a security_inode_killpriv() too... it seems like it might be best to change file_remove_suid(*file) to dentry_remove_suid(*dentry) and just call that from do_truncate()? -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists