| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Jul 2016 10:44:54 -0400 From: Vivek Goyal <vgoyal@...hat.com> To: miklos@...redi.hu, sds@...ho.nsa.gov, pmoore@...hat.com, casey@...aufler-ca.com, linux-kernel@...r.kernel.org, linux-unionfs@...r.kernel.org, linux-security-module@...r.kernel.org Cc: dwalsh@...hat.com, dhowells@...hat.com, viro@...IV.linux.org.uk, vgoyal@...hat.com, linux-fsdevel@...r.kernel.org Subject: [PATCH 8/9] overlayfs: Dilute permission checks on lower only if not special file Right now if file is on lower/, we remove MAY_WRITE/MAY_APPEND bits from mask as lower/ will never be written and file will be copied up. But this is not true for special files. These files are not copied up and are opened in place. So don't dilute the checks for these types of files. Reported-by: Dan Walsh <dwalsh@...hat.com> Signed-off-by: Vivek Goyal <vgoyal@...hat.com> --- fs/overlayfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 66f42f5..6d9d86e 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -140,7 +140,7 @@ int ovl_permission(struct inode *inode, int mask) return err; old_cred = ovl_override_creds(inode->i_sb); - if (!is_upper) + if (!is_upper && !special_file(realinode->i_mode)) mask &= ~(MAY_WRITE | MAY_APPEND); err = inode_permission(realinode, mask); revert_creds(old_cred); -- 2.7.4
Powered by blists - more mailing lists