On Mon 18-05-15 12:55:37, Linus Torvalds wrote: > Going through old emails. > > This never went anywhere - Al? No. Later it became part of a larger series (http://oss.sgi.com/archives/xfs/2015-03/msg00051.html) but Al never got to merging it. > That said, the patch looks dubious. If nothing else, shouldn't it use > the helper function we have, and do something like > > if (!error) > inode_has_no_xattr(inode); > > instead? Yeah, using inode_has_no_xattr() is a good idea. I wasn't aware of that helper. I'll update the patch and resend. Honza > On Wed, Dec 3, 2014 at 2:01 PM, Jan Kara <jack@xxxxxxx> wrote: > > file_remove_suid() could mistakenly set S_NOSEC inode bit when root was > > modifying the file. As a result following writes to the file by ordinary > > user would avoid clearing suid or sgid bits. > > > > Fix the bug by checking actual mode bits before setting S_NOSEC. > > > > CC: stable@xxxxxxxxxxxxxxx > > Signed-off-by: Jan Kara <jack@xxxxxxx> > > --- > > fs/inode.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/fs/inode.c b/fs/inode.c > > index 26753ba7b6d6..f5e01704a5c8 100644 > > --- a/fs/inode.c > > +++ b/fs/inode.c > > @@ -1631,7 +1631,8 @@ int file_remove_suid(struct file *file) > > error = security_inode_killpriv(dentry); > > if (!error && killsuid) > > error = __remove_suid(dentry, killsuid); > > - if (!error && (inode->i_sb->s_flags & MS_NOSEC)) > > + if (!error && (inode->i_sb->s_flags & MS_NOSEC) && > > + !is_sxid(inode->i_mode)) > > inode->i_flags |= S_NOSEC; > > > > return error; > > -- > > 1.8.1.4 > > -- Jan Kara <jack@xxxxxxx> SUSE Labs, CR -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html