On Wed, Apr 27, 2022 at 11:22:01AM +0200, Christian Brauner wrote:
> +static inline umode_t vfs_prepare_mode(struct user_namespace *mnt_userns,
> + const struct inode *dir, umode_t mode,
> + umode_t mask_perms, umode_t type)
> +{
> + /*
> + * S_ISGID stripping depends on the mode of the new file so make sure
> + * that the caller gives us this information and splat if we miss it.
> + */
> + WARN_ON_ONCE((mode & S_IFMT) == 0);
<blink>
First of all, what happens if you call mknod("/tmp/blah", 0, 0)? And the only
thing about type bits we care about is "is it a directory" - the sensitive
stuff is in the low 12 bits... What is that check about?
> + mode = mode_strip_sgid(mnt_userns, dir, mode);
> + mode = mode_strip_umask(dir, mode);
> +
> + /*
> + * Apply the vfs mandated allowed permission mask and set the type of
> + * file to be created before we call into the filesystem.
> + */
> + mode &= (mask_perms & ~S_IFMT);
> + mode |= (type & S_IFMT);
> +
> + return mode;
