lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20090724143419.c479ab00.akpm@linux-foundation.org>
Date:	Fri, 24 Jul 2009 14:34:19 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Amerigo Wang <amwang@...hat.com>
Cc:	linux-kernel@...r.kernel.org, esandeen@...hat.com, eteo@...hat.com,
	eparis@...hat.com, amwang@...hat.com, stable@...nel.org,
	viro@...iv.linux.org.uk
Subject: Re: [RESEND Patch v2] allow file truncations when both suid and
 write permissions set

On Wed, 22 Jul 2009 05:17:02 -0400
Amerigo Wang <amwang@...hat.com> wrote:

> 
> V1 -> V2:
> Introduce dentry_remove_suid(), and use it in do_truncate().
> Thanks to Eric Paris.
> 
> 
> When suid is set and the non-owner user has write permission,
> any writing into this file should be allowed and suid should be
> removed after that.
> 
> However, current kernel only allows writing without truncations,
> when we do truncations on that file, we get EPERM. This is a bug.
> 
> Steps to reproduce this bug:
> 
> % ls -l rootdir/file1
> -rwsrwsrwx 1 root root 3 Jun 25 15:42 rootdir/file1
> % echo h > rootdir/file1
> zsh: operation not permitted: rootdir/file1
> % ls -l rootdir/file1
> -rwsrwsrwx 1 root root 3 Jun 25 15:42 rootdir/file1
> % echo h >> rootdir/file1
> % ls -l rootdir/file1
> -rwxrwxrwx 1 root root 5 Jun 25 16:34 rootdir/file1
> 
> This patch fixes it.

Thanks, I queued this up for Al's consideration.

> Signed-off-by: WANG Cong <amwang@...hat.com>
> Cc: stable@...nel.org
> Cc: Eric Sandeen <esandeen@...hat.com>
> Cc: Eric Paris <eparis@...hat.com>
> Cc: Eugene Teo <eteo@...hat.com>
> Cc: Al Viro <viro@...iv.linux.org.uk>

I removed the Cc:stable.  I'm not really sure whether we want to
backport this.

In fact I'm not really sure that we want to merge it at all.  It
introduces the risk that people will develope, test and ship
applications which malfunction when run on older kernels.

otoh we already have the risk that people's applications will run OK on
other OS's and will malfunction on Linux, and the patch fixes this.


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ