On Fri, Jan 27, 2017 at 7:47 PM, Andy Lutomirski <luto@xxxxxxxxxx> wrote: > On Wed, May 25, 2016 at 2:49 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: >> On Wed, May 25, 2016 at 02:36:57PM -0700, Kees Cook wrote: >> >>> Hm, this didn't end up getting picked up. (This jumped out at me again >>> because i_mutex just vanished...) >>> >>> Al, what's the right way to update the locking in this patch? >> >> ->i_mutex is dealt with just by using lock_inode(inode)/unlock_inode(inode); >> I hadn't looked at the rest of the locking in there. > > Ping? > > If this is too messy, I'm wondering if we could get away with a much > simpler approach: clear the suid and sgid bits when the file is opened > for write. I think that'll break something, but I don't have any actual examples. Regardless, I'd still like to see this hole fixed... -Kees -- Kees Cook Pixel Security -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
