On Wed, Oct 16, 2013 at 12:05:28AM -0700, Christoph Hellwig wrote:
> On Wed, Oct 16, 2013 at 08:36:18AM +1100, Dave Chinner wrote:
> > Sure, but file_remove_suid() doesn't actually modify any VFS inode
> > structures until we process the flags and the modifications within
> > ->setattr, which in XFS are all done under the XFS_ILOCK_EXCL via
> > xfs_setattr_mode(). i.e. both the VFS and XFS inodes S*ID bits are
> > removed only under XFS_ILOCK_EXCL....
>
> It can set S_NOSEC after calling into ->setattr at least.
>
> > Hence I see no point in adding extra serialisation via the i_mutex
> > to this path when we can just do something like:
> >
> >     killsuid = should_remove_suid(file->f_path.dentry);
> >     if (killsuid) {
> >         struct iattr newattr;
> >
> >         newattr.ia_valid = ATTR_FORCE | killsuid;
> >         error = xfs_setattr_nonsize(ip, &newattr, 0);
> >         if (error)
> >             return error;
> >     }
>
> We'd still need all the other magic in file_remove_suid, which I don't
> actually quite understand fully yet.

The killpriv calls? I couldn't find anything that implemented those
security hooks nor any documentation about it, so I'm pretty much
clueless about it. FWIW, ocfs2 doesn't implement them, either....

Cheers,

Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx