| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20171021133947.19935-1-nicolas@belouin.fr>
Date: Sat, 21 Oct 2017 15:39:47 +0200
From: Nicolas Belouin <nicolas@...ouin.fr>
To: Dave Kleikamp <shaggy@...nel.org>, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, jfs-discussion@...ts.sourceforge.net
Cc: Nicolas Belouin <nicolas@...ouin.fr>
Subject: [PATCH] fs: fix xattr permission checking error
Fix an issue making trusted xattr world readable and other
cap_sys_admin only
Signed-off-by: Nicolas Belouin <nicolas@...ouin.fr>
---
fs/hfsplus/xattr.c | 2 +-
fs/jfs/xattr.c | 5 ++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/fs/hfsplus/xattr.c b/fs/hfsplus/xattr.c
index d37bb88dc746..ae03a19196ef 100644
--- a/fs/hfsplus/xattr.c
+++ b/fs/hfsplus/xattr.c
@@ -604,7 +604,7 @@ static inline int can_list(const char *xattr_name)
if (!xattr_name)
return 0;
- return strncmp(xattr_name, XATTR_TRUSTED_PREFIX,
+ return !strncmp(xattr_name, XATTR_TRUSTED_PREFIX,
XATTR_TRUSTED_PREFIX_LEN) ||
capable(CAP_SYS_ADMIN);
}
diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
index c60f3d32ee91..1c46573a96ed 100644
--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -858,9 +858,8 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data,
*/
static inline int can_list(struct jfs_ea *ea)
{
- return (strncmp(ea->name, XATTR_TRUSTED_PREFIX,
- XATTR_TRUSTED_PREFIX_LEN) ||
- capable(CAP_SYS_ADMIN));
+ return (!strncmp(ea->name, XATTR_TRUSTED_PREFIX,
+ XATTR_TRUSTED_PREFIX_LEN) || capable(CAP_SYS_ADMIN));
}
ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size)
--
2.14.2
Powered by blists - more mailing lists