lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130214083748.GF18408@localhost>
Date:	Thu, 14 Feb 2013 00:37:49 -0800
From:	Joel Becker <jlbec@...lplan.org>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	linux-fsdevel@...r.kernel.org,
	Linux Containers <containers@...ts.linux-foundation.org>,
	linux-kernel@...r.kernel.org, "Serge E. Hallyn" <serge@...lyn.com>,
	Mark Fasheh <mfasheh@...e.com>
Subject: Re: [PATCH review 25/85] ocfs2: Compare kuids and kgids using uid_eq
 and gid_eq

On Wed, Feb 13, 2013 at 09:51:14AM -0800, Eric W. Biederman wrote:
> From: "Eric W. Biederman" <ebiederm@...ssion.com>
> 
> Cc: Mark Fasheh <mfasheh@...e.com>
> Cc: Joel Becker <jlbec@...lplan.org>
> Signed-off-by: "Eric W. Biederman" <ebiederm@...ssion.com>
> ---
>  fs/ocfs2/file.c         |    8 ++++----
>  fs/ocfs2/refcounttree.c |    2 +-
>  2 files changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
> index 8ee9332..0a2924a 100644
> --- a/fs/ocfs2/file.c
> +++ b/fs/ocfs2/file.c
> @@ -1175,14 +1175,14 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
>  		}
>  	}
>  
> -	if ((attr->ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
> -	    (attr->ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) {
> +	if ((attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)) ||
> +	    (attr->ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid))) {

Will the code work if built just before this patch?  IOW, does the
original comparison (attr->ia_gid != inode->i_gid) work when the system
is in the init_user_namespace?  If not, then the previous patches are
not leaving a functional filesystem.

Joel

>  		/*
>  		 * Gather pointers to quota structures so that allocation /
>  		 * freeing of quota structures happens here and not inside
>  		 * dquot_transfer() where we have problems with lock ordering
>  		 */
> -		if (attr->ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid
> +		if (attr->ia_valid & ATTR_UID && !uid_eq(attr->ia_uid, inode->i_uid)
>  		    && OCFS2_HAS_RO_COMPAT_FEATURE(sb,
>  		    OCFS2_FEATURE_RO_COMPAT_USRQUOTA)) {
>  			transfer_to[USRQUOTA] = dqget(sb, make_kqid_uid(attr->ia_uid));
> @@ -1191,7 +1191,7 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
>  				goto bail_unlock;
>  			}
>  		}
> -		if (attr->ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid
> +		if (attr->ia_valid & ATTR_GID && !gid_eq(attr->ia_gid, inode->i_gid)
>  		    && OCFS2_HAS_RO_COMPAT_FEATURE(sb,
>  		    OCFS2_FEATURE_RO_COMPAT_GRPQUOTA)) {
>  			transfer_to[GRPQUOTA] = dqget(sb, make_kqid_gid(attr->ia_gid));
> diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c
> index 30a0550..934a4ac 100644
> --- a/fs/ocfs2/refcounttree.c
> +++ b/fs/ocfs2/refcounttree.c
> @@ -4407,7 +4407,7 @@ static int ocfs2_vfs_reflink(struct dentry *old_dentry, struct inode *dir,
>  	 * rights to do so.
>  	 */
>  	if (preserve) {
> -		if ((current_fsuid() != inode->i_uid) && !capable(CAP_CHOWN))
> +		if (!uid_eq(current_fsuid(), inode->i_uid) && !capable(CAP_CHOWN))
>  			return -EPERM;
>  		if (!in_group_p(inode->i_gid) && !capable(CAP_CHOWN))
>  			return -EPERM;
> -- 
> 1.7.5.4
> 

-- 

"Where are my angels?
 Where's my golden one?
 And where is my hope
 Now that my heroes are gone?"

			http://www.jlbec.org/
			jlbec@...lplan.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ