lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 18 Mar 2016 17:29:08 +1100
From:	NeilBrown <neilb@...e.com>
To:	Sergio Gelato <Sergio.Gelato@...ro.su.se>,
	Jiri Slaby <jslaby@...e.cz>
Cc:	stable@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3.12 01/58] nfsd: fix problem with setting ACL on directories

On Wed, Mar 16 2016, Sergio Gelato wrote:

> * Jiri Slaby [2016-03-16 11:58:46 +0100]:
>> From: NeilBrown <neilb@...e.com>
>> 
>> 3.12-stable review patch.  If anyone has any objections, please let me know.
>
>> If a non-inherited ACL is set on a directory, nfsd will try to set the Posix
>> default ACL to NULL.  This gets converted to "" by generic_setxattr().
>> As "" is not a valid posix acl attribute value, this results in an error.
>> 
>> So instead of setting the xattr to NULL, remove it.
>
> There is similar code in nfsd_set_posix_acl() further down in the same source
> file which skips the vfs_removexattr() call for default ACLs on non-directories
> (there shouldn't be too many of these) and ignores ENODATA returns from
> vfs_removexattr(). Are these precautions guaranteed to be unnecessary here in
> set_nfsv4_acl_one() ?

Those are not precautions, they are optimisations.  The vfs_removexattr
call would not be harmful, but would be unnecessary.
So we don't need to worry about that for set_nfsv4_acl_one - we only
apply optimisations to -stable if they are very significant.

Thanks,
NeilBrown


>
>> Fixes: ba1816b40a ("nfsd: fix NFS regression")
>> Signed-off-by: NeilBrown <neilb@...e.com>
>> Cc: Sergio Gelato <Sergio.Gelato@...ro.su.se>
>> Signed-off-by: Jiri Slaby <jslaby@...e.cz>
>> ---
>>  fs/nfsd/vfs.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
>> index fafac65804d6..e5f146c7c871 100644
>> --- a/fs/nfsd/vfs.c
>> +++ b/fs/nfsd/vfs.c
>> @@ -510,7 +510,7 @@ set_nfsv4_acl_one(struct dentry *dentry, struct posix_acl *pacl, char *key)
>>  	int error = 0;
>>  
>>  	if (!pacl)
>> -		return vfs_setxattr(dentry, key, NULL, 0, 0);
>> +		return vfs_removexattr(dentry, key);
>>  
>>  	buflen = posix_acl_xattr_size(pacl->a_count);
>>  	buf = kmalloc(buflen, GFP_KERNEL);
>> -- 
>> 2.7.3
>> 

Download attachment "signature.asc" of type "application/pgp-signature" (819 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ