Re: [PATCH] fs: Fix S_NOSEC handling

Going through old emails.

This never went anywhere - Al?

That said, the patch looks dubious. If nothing else, shouldn't it use
the helper function we have, and do something like

    if (!error)
        inode_has_no_xattr(inode);

instead?

              Linus

On Wed, Dec 3, 2014 at 2:01 PM, Jan Kara <jack@xxxxxxx> wrote:
> file_remove_suid() could mistakenly set S_NOSEC inode bit when root was
> modifying the file. As a result, following writes to the file by an ordinary
> user would avoid clearing suid or sgid bits.
>
> Fix the bug by checking actual mode bits before setting S_NOSEC.
>
> CC: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Jan Kara <jack@xxxxxxx>
> ---
>  fs/inode.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/inode.c b/fs/inode.c
> index 26753ba7b6d6..f5e01704a5c8 100644
> --- a/fs/inode.c
> +++ b/fs/inode.c
> @@ -1631,7 +1631,8 @@ int file_remove_suid(struct file *file)
>                 error = security_inode_killpriv(dentry);
>         if (!error && killsuid)
>                 error = __remove_suid(dentry, killsuid);
> -       if (!error && (inode->i_sb->s_flags & MS_NOSEC))
> +       if (!error && (inode->i_sb->s_flags & MS_NOSEC) &&
> +           !is_sxid(inode->i_mode))
>                 inode->i_flags |= S_NOSEC;
>
>         return error;
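Review bot: the added `!is_sxid(inode->i_mode)` test in the S_NOSEC condition carries no comment saying why the mode can still have suid/sgid bits at this point, namely that `__remove_suid()` is skipped whenever `killsuid` is 0 and the commit message says this happens when root is the writer. A one-line comment above the `if` would keep a later cleanup from dropping the check as redundant. The flag is also still set by open-coding `inode->i_flags |= S_NOSEC`; the reply above asks whether an existing helper should be used instead, and that question should be settled before this goes to stable.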
> --
> 1.8.1.4
>
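The sequence the commit message describes (root writes, then an ordinary user writes), as an added example that is not part of the original thread and is not kernel code. It is a user-space model: `model_inode`, `model_hook` and `mode_after_root_then_user` are hypothetical names, `fsetid` stands in for the capability check, and a regular file on a filesystem with MS_NOSEC is assumed.

```c
/* User-space model only: not kernel code. Assumes a regular file on a
 * filesystem with MS_NOSEC set; xattr/killpriv handling is left out. */
#include <stdbool.h>
#include <stdio.h>
#define M_ISUID 04000u
#define M_ISGID 02000u
#define M_IXGRP 00010u

struct model_inode {
    unsigned mode;   /* stands in for i_mode */
    bool nosec;      /* stands in for S_NOSEC in i_flags */
};

/* Same test as the kernel's is_sxid(): suid, or sgid with group-exec. */
static bool is_sxid(unsigned mode)
{
    return (mode & M_ISUID) || ((mode & M_ISGID) && (mode & M_IXGRP));
}

/* Hypothetical model of the write-time hook. fsetid stands in for
 * capable(CAP_FSETID); check_mode selects the patched condition. */
static void model_hook(struct model_inode *in, bool fsetid, bool check_mode)
{
    unsigned kill = in->mode & M_ISUID;
    if (in->nosec)          /* fast path: flag says nothing to do */
        return;
    if ((in->mode & M_ISGID) && (in->mode & M_IXGRP))
        kill |= M_ISGID;
    if (kill && !fsetid)
        in->mode &= ~kill;  /* unprivileged writer: bits are cleared */
    if (!check_mode || !is_sxid(in->mode))
        in->nosec = true;   /* cache "no security work needed" */
}

/* Privileged write, then an ordinary user's write; returns final mode. */
unsigned mode_after_root_then_user(unsigned start, bool check_mode)
{
    struct model_inode in = { .mode = start, .nosec = false };
    model_hook(&in, true, check_mode);   /* root writes */
    model_hook(&in, false, check_mode);  /* ordinary user writes */
    return in.mode;
}

int main(void)
{
    printf("unpatched: %04o\n", mode_after_root_then_user(04755, false));
    printf("patched:   %04o\n", mode_after_root_then_user(04755, true));
    return 0;
}
```

Without the mode check the cached flag makes the second write take the fast path, so the suid bit survives; with it the flag is only cached once the bits are gone.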