Miklos Szeredi wrote:
> Cross rename (A, B) is equivalent to plain rename(A, B) + plain rename
> (B, A) done as a single atomic operation. If security module allows
> both then cross rename is allowed. If at least one is denied then the
> cross rename is denied.

Yes, the functionality itself is fine. The problem is how LSM users check
their permissions for the functionality.

> This is prepared for in "[PATCH 06/11] security: add flags to rename
> hooks" and actually done in "[PATCH 07/11] vfs: add cross-rename".
>
> Security people are free to implement an explicit security check for
> cross rename, but I don't think that is in the scope of this patchset.

I don't know how their permissions are checked, but I think that swapping
/A/B and /C/D should check not only

  Remove a name from directory A
  Add a name to directory C

but also

  Add a name to directory A
  Remove a name from directory C

using their security labels. Without making changes to security/*/ directory,
SELinux/SMACK/TOMOYO/AppArmor might fail to check the latter permissions.

Please get confirmation from LSM people before you merge this change to
linux-next tree.
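The point of the reply above is that a cross rename of /A/B and /C/D must be checked as two plain renames, one in each direction, so that four directory permissions are consulted rather than two. The following toy model (an added illustration, not code from this thread, from the patchset, or from any LSM) makes the gap concrete: a policy table, a naive check that only covers the rename(/A/B, /C/D) direction, and a full check that also covers rename(/C/D, /A/B). The labels, operation names and policy rules are constructed for the example and do not correspond to SELinux, SMACK, TOMOYO or AppArmor rule syntax.

```python
"""Toy model of the permission decomposition for a cross rename.

A plain rename(src_dir/name, dst_dir/name) needs:
    - permission to remove a name from src_dir
    - permission to add a name to dst_dir
A cross rename of /A/B and /C/D is rename(/A/B, /C/D) + rename(/C/D, /A/B)
done atomically, so it must be allowed by BOTH plain renames.

All labels, operations and rules below are constructed for illustration.
"""

from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Hypothetical operation names on a directory, not real LSM permission names.
ADD_NAME = "add_name"
REMOVE_NAME = "remove_name"


@dataclass(frozen=True)
class Policy:
    # (subject_label, directory_label) -> permitted directory operations
    rules: Dict[Tuple[str, str], FrozenSet[str]]

    def allows(self, subject: str, dir_label: str, op: str) -> bool:
        return op in self.rules.get((subject, dir_label), frozenset())


def required_checks(src_dir: str, dst_dir: str) -> List[Tuple[str, str]]:
    """The four (directory, operation) checks a cross rename needs.

    The first two are what a single plain rename would check; the last two
    are the reverse direction that a check derived from rename(src, dst)
    alone would miss.
    """
    return [
        (src_dir, REMOVE_NAME),  # remove a name from directory A
        (dst_dir, ADD_NAME),     # add a name to directory C
        (src_dir, ADD_NAME),     # add a name to directory A
        (dst_dir, REMOVE_NAME),  # remove a name from directory C
    ]


def plain_rename_allowed(policy: Policy, subject: str,
                         src_dir: str, dst_dir: str) -> bool:
    """Permission check for one plain rename: leave src_dir, enter dst_dir."""
    return (policy.allows(subject, src_dir, REMOVE_NAME)
            and policy.allows(subject, dst_dir, ADD_NAME))


def naive_cross_rename_allowed(policy: Policy, subject: str,
                               dir_a: str, dir_c: str) -> bool:
    """What an LSM gets if its rename hook ignores the exchange flag and
    only evaluates the rename(/A/B, /C/D) direction."""
    return plain_rename_allowed(policy, subject, dir_a, dir_c)


def cross_rename_allowed(policy: Policy, subject: str,
                         dir_a: str, dir_c: str) -> bool:
    """Correct decomposition: both plain renames must be allowed."""
    return (plain_rename_allowed(policy, subject, dir_a, dir_c)
            and plain_rename_allowed(policy, subject, dir_c, dir_a))


# Constructed policy: "editor" may add and remove names in dir_a, but may
# only ADD names in dir_c. A plain rename dir_a -> dir_c is fine; the reverse
# direction (removing a name from dir_c) is not, so the exchange must be denied.
SAMPLE_POLICY = Policy({
    ("editor", "dir_a"): frozenset({ADD_NAME, REMOVE_NAME}),
    ("editor", "dir_c"): frozenset({ADD_NAME}),
})


def demo() -> Tuple[bool, bool]:
    """Returns (naive decision, full decision) for the sample policy."""
    naive = naive_cross_rename_allowed(SAMPLE_POLICY, "editor", "dir_a", "dir_c")
    full = cross_rename_allowed(SAMPLE_POLICY, "editor", "dir_a", "dir_c")
    return naive, full


if __name__ == "__main__":
    naive, full = demo()
    print("naive (one direction only):", naive)   # True
    print("full (both directions):   ", full)     # False
    for d, op in required_checks("dir_a", "dir_c"):
        print(f"  {op:12s} on {d}: {SAMPLE_POLICY.allows('editor', d, op)}")
```

The discrepancy between `naive` and `full` is exactly the concern raised in the reply: a module whose rename hook is not taught about the exchange would approve the operation on the strength of the first two checks even though the subject is not allowed to remove a name from the second directory.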