On Tue, 2009-08-18 at 16:39 +0900, OGAWA Hirofumi wrote:
> [Sorry if this killed thread. My ISP seems to be stopping email server
> now. I've read this email from web archive.]
>
> >> @@ -2711,12 +2711,17 @@ static int selinux_inode_permission(stru
> >> static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
> >> {
> >> const struct cred *cred = current_cred();
> >> + unsigned int ia_valid = iattr->ia_valid;
> >>
> >> - if (iattr->ia_valid & ATTR_FORCE)
> >> - return 0;
> >> + /* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */
> >> + if (ia_valid & ATTR_FORCE) {
> >> + ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE);
> >> + if (!ia_valid)
> >> + return 0;
> >>
> >
> > So if I read this correctly, (ATTR_FORCE| ATTR_KILL_SUID|ATTR_MODE) will
> > not return here, since 'ia_valid' will be ATTR_FORCE finally.
> >
> > I think you forgot to clear ATTR_FORCE here...
>
> Whoops, good catch. Fortunately, it doesn't seem to have actual problem,
> but it's bug obviously, and sorry for that. Fixed patch was attached.
You can add my:
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
--
Stephen Smalley
National Security Agency
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
