Re: [PATCH v3 07/13] xfs: use file_modified() helper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 29, 2019 at 9:31 PM Darrick J. Wong <darrick.wong@xxxxxxxxxx> wrote:
>
> On Wed, May 29, 2019 at 08:43:11PM +0300, Amir Goldstein wrote:
> > Note that by using the helper, the order of calling file_remove_privs()
> > after file_update_mtime() in xfs_file_aio_write_checks() has changed.
> >
> > Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
> > ---
> >  fs/xfs/xfs_file.c | 15 +--------------
> >  1 file changed, 1 insertion(+), 14 deletions(-)
> >
> > diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> > index 76748255f843..916a35cae5e9 100644
> > --- a/fs/xfs/xfs_file.c
> > +++ b/fs/xfs/xfs_file.c
> > @@ -367,20 +367,7 @@ xfs_file_aio_write_checks(
> >        * lock above.  Eventually we should look into a way to avoid
> >        * the pointless lock roundtrip.
> >        */
> > -     if (likely(!(file->f_mode & FMODE_NOCMTIME))) {
>
> ...especially since here we think NOCMTIME is likely /not/ to be set.
>
> > -             error = file_update_time(file);
> > -             if (error)
> > -                     return error;
> > -     }
> > -
> > -     /*
> > -      * If we're writing the file then make sure to clear the setuid and
> > -      * setgid bits if the process is not being run by root.  This keeps
> > -      * people from modifying setuid and setgid binaries.
> > -      */
> > -     if (!IS_NOSEC(inode))
> > -             return file_remove_privs(file);
>
> Hm, file_modified doesn't have the !IS_NOSEC check guarding
> file_remove_privs, are you sure it's ok to remove the suid bits
> unconditionally?  Even if SB_NOSEC (and therefore S_NOSEC) are set?
>

file_remove_privs() has its own IS_NOSEC() check.

Thanks,
Amir.



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux