| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <28763.1538662213@warthog.procyon.org.uk>
Date: Thu, 04 Oct 2018 15:10:13 +0100
From: David Howells <dhowells@...hat.com>
To: NeilBrown <neilb@...e.com>
Cc: dhowells@...hat.com, "J. Bruce Fields" <bfields@...ldses.org>,
Anna Schumaker <anna.schumaker@...app.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Trond Myklebust <trond.myklebust@...merspace.com>,
Jan Harkes <jaharkes@...cmu.edu>, linux-nfs@...r.kernel.org,
Miklos Szeredi <miklos@...redi.hu>,
Jeff Layton <jlayton@...nel.org>, linux-kernel@...r.kernel.org,
linux-afs@...ts.infradead.org, coda@...cmu.edu,
linux-fsdevel@...r.kernel.org, Christoph Hellwig <hch@....de>
Subject: Re: [PATCH 1/3] VFS: introduce MAY_ACT_AS_OWNER
NeilBrown <neilb@...e.com> wrote:
> diff --git a/fs/afs/security.c b/fs/afs/security.c
> index 81dfedb7879f..ac2e39de8bff 100644
> --- a/fs/afs/security.c
> +++ b/fs/afs/security.c
> @@ -349,6 +349,16 @@ int afs_permission(struct inode *inode, int mask)
> if (mask & MAY_NOT_BLOCK)
> return -ECHILD;
>
> + /* Short-circuit for owner */
> + if (mask & MAY_ACT_AS_OWNER) {
> + if (inode_owner_or_capable(inode))
You don't know that inode->i_uid in meaningful. You may have noticed that
afs_permission() ignores i_uid and i_gid entirely. It queries the server (if
this information is not otherwise cached) to ask what permits the user is
granted - where the user identity is defined by the key returned from
afs_request_key()[*].
So, NAK for the afs piece.
David
[*] If there's no appropriate key, anonymous permits will be used.
Powered by blists - more mailing lists