On Wed, May 29, 2019 at 10:10:37PM +0300, Amir Goldstein wrote:
> On Wed, May 29, 2019 at 9:31 PM Darrick J. Wong <darrick.wong@xxxxxxxxxx> wrote:
> >
> > On Wed, May 29, 2019 at 08:43:11PM +0300, Amir Goldstein wrote:
> > > Note that by using the helper, the order of calling file_remove_privs()
> > > after file_update_mtime() in xfs_file_aio_write_checks() has changed.
> > >
> > > Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
> > > ---
> > > fs/xfs/xfs_file.c | 15 +--------------
> > > 1 file changed, 1 insertion(+), 14 deletions(-)
> > >
> > > diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
> > > index 76748255f843..916a35cae5e9 100644
> > > --- a/fs/xfs/xfs_file.c
> > > +++ b/fs/xfs/xfs_file.c
> > > @@ -367,20 +367,7 @@ xfs_file_aio_write_checks(
> > > * lock above. Eventually we should look into a way to avoid
> > > * the pointless lock roundtrip.
> > > */
> > > - if (likely(!(file->f_mode & FMODE_NOCMTIME))) {
> >
> > ...especially since here we think NOCMTIME is likely /not/ to be set.
> >
> > > - error = file_update_time(file);
> > > - if (error)
> > > - return error;
> > > - }
> > > -
> > > - /*
> > > - * If we're writing the file then make sure to clear the setuid and
> > > - * setgid bits if the process is not being run by root. This keeps
> > > - * people from modifying setuid and setgid binaries.
> > > - */
> > > - if (!IS_NOSEC(inode))
> > > - return file_remove_privs(file);
> >
> > Hm, file_modified doesn't have the !IS_NOSEC check guarding
> > file_remove_privs, are you sure it's ok to remove the suid bits
> > unconditionally? Even if SB_NOSEC (and therefore S_NOSEC) are set?
> >
>
> file_remove_privs() has its own IS_NOSEC() check.
Ah, ok,
Reviewed-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
--D
> Thanks,
> Amir.
