lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <lsq.1487198494.696686843@decadent.org.uk>
Date:   Wed, 15 Feb 2017 22:41:34 +0000
From:   Ben Hutchings <ben@...adent.org.uk>
To:     linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC:     akpm@...ux-foundation.org,
        "Jean-Pierre André" <jean-pierre.andre@...adoo.fr>,
        "Miklos Szeredi" <mszeredi@...hat.com>
Subject: [PATCH 3.2 036/126] fuse: invalidate dir dentry after chmod

3.2.85-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Miklos Szeredi <mszeredi@...hat.com>

commit 5e2b8828ff3d79aca8c3a1730652758753205b61 upstream.

Without "default_permissions" the userspace filesystem's lookup operation
needs to perform the check for search permission on the directory.

If directory does not allow search for everyone (this is quite rare) then
userspace filesystem has to set entry timeout to zero to make sure
permissions are always performed.

Changing the mode bits of the directory should also invalidate the
(previously cached) dentry to make sure the next lookup will have a chance
of updating the timeout, if needed.

Reported-by: Jean-Pierre André <jean-pierre.andre@...adoo.fr>
Signed-off-by: Miklos Szeredi <mszeredi@...hat.com>
[bwh: Backported to 3.2:
 - Adjust context
 - Open-code d_is_dir()]
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
 fs/fuse/dir.c | 14 +++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1393,10 +1393,20 @@ error:
 
 static int fuse_setattr(struct dentry *entry, struct iattr *attr)
 {
+	int ret;
+
 	if (attr->ia_valid & ATTR_FILE)
-		return fuse_do_setattr(entry, attr, attr->ia_file);
+		ret = fuse_do_setattr(entry, attr, attr->ia_file);
 	else
-		return fuse_do_setattr(entry, attr, NULL);
+		ret = fuse_do_setattr(entry, attr, NULL);
+
+	if (!ret) {
+		/* Directory mode changed, may need to revalidate access */
+		if (S_ISDIR(entry->d_inode->i_mode) &&
+		    (attr->ia_valid & ATTR_MODE))
+			fuse_invalidate_entry_cache(entry);
+	}
+	return ret;
 }
 
 static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry,

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ