| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Sep 2010 15:23:42 -0400
From: Jeff Layton <jlayton@...hat.com>
To: "Aneesh Kumar K. V" <aneesh.kumar@...ux.vnet.ibm.com>
Cc: sfrench@...ibm.com, ffilz@...ibm.com, agruen@...e.de,
adilger@....com, sandeen@...hat.com, tytso@....edu,
bfields@...i.umich.edu, linux-fsdevel@...r.kernel.org,
nfsv4@...ux-nfs.org, linux-ext4@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH -V4 08/11] vfs: Add new file and directory create
permission flags
On Sat, 25 Sep 2010 00:46:03 +0530
"Aneesh Kumar K. V" <aneesh.kumar@...ux.vnet.ibm.com> wrote:
> On Fri, 24 Sep 2010 11:54:23 -0400, Jeff Layton <jlayton@...hat.com> wrote:
> > On Fri, 24 Sep 2010 18:18:11 +0530
> > "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com> wrote:
> >
> > > From: Andreas Gruenbacher <agruen@...e.de>
> > >
> > > Some permission models distinguish between the permission to create a
> > > non-directory and a directory. Pass this information down to
> > > inode_permission() as mask flags
> > >
> > > Signed-off-by: Andreas Gruenbacher <agruen@...e.de>
> > > Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@...ux.vnet.ibm.com>
> > > ---
> > > fs/namei.c | 21 ++++++++++++---------
> > > include/linux/fs.h | 2 ++
> > > 2 files changed, 14 insertions(+), 9 deletions(-)
> > >
> > > diff --git a/fs/namei.c b/fs/namei.c
> > > index b0b8a71..ed786b2 100644
> > > --- a/fs/namei.c
> > > +++ b/fs/namei.c
> > > @@ -253,7 +253,8 @@ int generic_permission(struct inode *inode, int mask,
> > > * for filesystem access without changing the "normal" uids which
> > > * are used for other things.
> > > *
> > > - * When checking for MAY_APPEND, MAY_WRITE must also be set in @mask.
> > > + * When checking for MAY_APPEND, MAY_CREATE_FILE, MAY_CREATE_DIR,
> > > + * MAY_WRITE must also be set in @mask.
> > > */
> > > int inode_permission(struct inode *inode, int mask)
> > > {
> > > @@ -1337,13 +1338,15 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
> > > * 3. We should have write and exec permissions on dir
> > > * 4. We can't do it if dir is immutable (done in permission())
> > > */
> > > -static inline int may_create(struct inode *dir, struct dentry *child)
> > > +static inline int may_create(struct inode *dir, struct dentry *child, int isdir)
> > ^^^^^
> > nit: maybe saner as a bool?
> > > {
> > > + int mask = isdir ? MAY_CREATE_DIR : MAY_CREATE_FILE;
> > > +
> > > if (child->d_inode)
> > > return -EEXIST;
> > > if (IS_DEADDIR(dir))
> > > return -ENOENT;
> > > - return inode_permission(dir, MAY_WRITE | MAY_EXEC);
> > > + return inode_permission(dir, MAY_WRITE | MAY_EXEC | mask);
> > > }
> > >
> > > /*
> > > @@ -1391,7 +1394,7 @@ void unlock_rename(struct dentry *p1, struct dentry *p2)
> > > int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
> > > struct nameidata *nd)
> > > {
> > > - int error = may_create(dir, dentry);
> > > + int error = may_create(dir, dentry, 0);
> > >
> > > if (error)
> > > return error;
> > > @@ -1953,7 +1956,7 @@ EXPORT_SYMBOL_GPL(lookup_create);
> > >
> > > int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
> > > {
> > > - int error = may_create(dir, dentry);
> > > + int error = may_create(dir, dentry, 0);
> > >
> > > if (error)
> > > return error;
> > > @@ -2057,7 +2060,7 @@ SYSCALL_DEFINE3(mknod, const char __user *, filename, int, mode, unsigned, dev)
> > >
> > > int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
> > > {
> > > - int error = may_create(dir, dentry);
> > > + int error = may_create(dir, dentry, 1);
> > >
> > > if (error)
> > > return error;
> > > @@ -2342,7 +2345,7 @@ SYSCALL_DEFINE1(unlink, const char __user *, pathname)
> > >
> > > int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname)
> > > {
> > > - int error = may_create(dir, dentry);
> > > + int error = may_create(dir, dentry, 0);
> > >
> > > if (error)
> > > return error;
> > > @@ -2415,7 +2418,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
> > > if (!inode)
> > > return -ENOENT;
> > >
> > > - error = may_create(dir, new_dentry);
> > > + error = may_create(dir, new_dentry, S_ISDIR(inode->i_mode));
> >
> > ^^^^ this is a little
> > scary, but even if it's
> > a directory, it'll get
> > kicked out in a later
> > check. Would it be
> > clearer to move up the
> > S_ISDIR() check in this
> > function and then pass
> > this in as false?
>
> Can you elaborate on this ?
>
> -aneesh
>
Hardlinked directories are a no-no, of course. So when I first saw this
patch, it gave me pause. There's a later check in vfs_link though that
explicitly rejects hardlinking directories, so the above is harmless.
It may be more efficient to go ahead and return error if the target
is a directory however and bypass the permission check.
OTOH, maybe there's good reason to do it this way or I'm just being
excessively nitpicky.
--
Jeff Layton <jlayton@...hat.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists