Re: [PATCH] attr: block mode changes of symlinks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 12 Jul 2023 at 02:56, Christian Brauner <brauner@xxxxxxxxxx> wrote:
>
> Changing the mode of symlinks is meaningless as the vfs doesn't take the
> mode of a symlink into account during path lookup permission checking.

Hmm. I have this dim memory that we actually used to do that as an
extension at one point for the symlinks in /proc. Long long ago.

Or maybe it was just a potential plan.

Because at least in /proc, the symlinks *do* have protection semantics
(ie you can't do readlink() on them or follow them without the right
permissions.

That said, blocking the mode setting sounds fine, because the proc
permissions are basically done separately.

However:

>         if ((ia_valid & ATTR_MODE)) {
> +               if (S_ISLNK(inode->i_mode))
> +                       return -EOPNOTSUPP;
> +
>                 umode_t amode = attr->ia_mode;

The above is not ok. It might compile these days because we have to
allow statements before declarations for other reasons, but that
doesn't make it ok.

             Linus



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux