lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87lhulbk9f.fsf@linux.vnet.ibm.com>
Date:	Thu, 01 May 2014 20:48:04 +0530
From:	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>
To:	Dave Chinner <david@...morbit.com>
Cc:	agruen@...nel.org, bfields@...ldses.org, akpm@...ux-foundation.org,
	viro@...iv.linux.org.uk, dhowells@...hat.com,
	linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH -V1 06/22] vfs: Add delete child and delete self permission flags

Dave Chinner <david@...morbit.com> writes:

> On Sun, Apr 27, 2014 at 09:44:37PM +0530, Aneesh Kumar K.V wrote:
>> From: Andreas Gruenbacher <agruen@...nel.org>
>> 
>> Normally, deleting a file requires write access to the parent directory.
>> Some permission models use a different permission on the parent
>> directory to indicate delete access.  In addition, a process can have
>> per-file delete access even without delete access on the parent
>> directory.
>> 
>> Introduce two new inode_permission() mask flags and use them in
>> may_delete()
>> 
>> Signed-off-by: Andreas Gruenbacher <agruen@...nel.org>
>> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@...ux.vnet.ibm.com>
>> ---
>>  fs/namei.c         | 45 ++++++++++++++++++++++++++++++++++-----------
>>  include/linux/fs.h |  2 ++
>>  2 files changed, 36 insertions(+), 11 deletions(-)
>> 
>> diff --git a/fs/namei.c b/fs/namei.c
>> index 028bc8bcf77c..56ac7613fbca 100644
>> --- a/fs/namei.c
>> +++ b/fs/namei.c
>> @@ -446,7 +446,7 @@ static int sb_permission(struct super_block *sb, struct inode *inode, int mask)
>>   * changing the "normal" UIDs which are used for other things.
>>   *
>>   * When checking for MAY_APPEND, MAY_CREATE_FILE, MAY_CREATE_DIR,
>> - * MAY_WRITE must also be set in @mask.
>> + * MAY_DELETE_CHILD, MAY_DELETE_SELF, MAY_WRITE must also be set in @mask.
>>   */
>>  int inode_permission(struct inode *inode, int mask)
>>  {
>> @@ -2366,11 +2366,25 @@ kern_path_mountpoint(int dfd, const char *name, struct path *path,
>>  }
>>  EXPORT_SYMBOL(kern_path_mountpoint);
>>  
>> +
>> +/*
>> + * We should have exec permission on directory and MAY_DELETE_SELF
>> + * on the object being deleted.
>> + */
>> +static int richacl_may_selfdelete(struct inode *dir,
>> +				  struct inode *inode, int replace_mask)
>> +{
>> +	return (IS_RICHACL(inode) &&
>> +		(inode_permission(dir, MAY_EXEC | replace_mask) == 0) &&
>> +		(inode_permission(inode, MAY_DELETE_SELF) == 0));
>> +}
>
> Can't say I like these "richacl" prefixes. Why not just "may_*"
> like all the other permission checks?

Will update.

>
>
>> @@ -2414,13 +2431,19 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
>>  	BUG_ON(victim->d_parent->d_inode != dir);
>>  	audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
>>  
>> -	error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
>> +	mask = MAY_WRITE | MAY_EXEC | MAY_DELETE_CHILD;
>> +	if (replace)
>> +		replace_mask = S_ISDIR(inode->i_mode) ?
>> +				MAY_CREATE_DIR : MAY_CREATE_FILE;
>> +	error = inode_permission(dir, mask | replace_mask);
>> +	if (error && richacl_may_selfdelete(dir, inode, replace_mask))
>> +		error = 0;

....

>>  
>>  		if (!(flags & RENAME_EXCHANGE))
>> -			error = may_delete(new_dir, new_dentry, is_dir);
>> +			error = may_delete(new_dir, new_dentry, is_dir, 1);
>>  		else
>> -			error = may_delete(new_dir, new_dentry, new_is_dir);
>> +			error = may_delete(new_dir, new_dentry, new_is_dir, 1);
>
> Another boolean parameter that means nothing at the call site.  This
> should really be passing a flags field, not a bunch of booleans that
> are simply evaluated into flags...
>

Will update

Thanks
-aneesh

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ