From: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
To: Amerigo Wang <amwang@redhat.com>
Cc: akpm@linux-foundation.org, viro@zeniv.linux.org.uk,
linux-fsdevel@vger.kernel.org, eparis@redhat.com,
esandeen@redhat.com, eteo@redhat.com
Subject: Re: [patch 12/12] vfs: allow file truncations when both suid and write permissions set
Date: Fri, 07 Aug 2009 20:25:04 +0900 [thread overview]
Message-ID: <87ab2bsw6n.fsf@devron.myhome.or.jp> (raw)
In-Reply-To: <87prb7sx8p.fsf@devron.myhome.or.jp> (OGAWA Hirofumi's message of "Fri, 07 Aug 2009 20:02:14 +0900")
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> writes:
> Amerigo Wang <amwang@redhat.com> writes:
>
>>> static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
>>> {
>>> const struct cred *cred = current_cred();
>>>
>>> if (iattr->ia_valid & ATTR_FORCE)
>>> return 0;
>>>
>>> if (iattr->ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID |
>>> ATTR_ATIME_SET | ATTR_MTIME_SET))
>>> return dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
>>>
>>> return dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
>>> }
>>>
>>> I guess it's assuming the ia_valid doesn't have (ATTR_MODE | ATTR_SIZE),
>>> but truncate() already does it, I don't know whether it's ok.
>>
>> No, here we should only force ATTR_KILL_SUID and/or ATTR_KILL_SGID.
>> do_truncate() has ATTR_SIZE and ATTR_FILE.
>
> I guess security module should do,
>
> ia_valid = iattr->ia_valid;
> if (!(ia_valid & ATTR_FORCE) && (ia_valid & ATTR_FORCE_MASK)) {
> err = dentry_has_perm(cred, NULL, dentry, FILE__SETATTR);
> if (err)
> return err;
> ia_valid &= ~ATTR_FORCE_MASK;
> }
> if (ia_valid & ATTR_NOT_FORCE_MASK)
> err = dentry_has_perm(cred, NULL, dentry, FILE__WRITE);
> return err;
>
> or something. Because do_truncate() already do (ATTR_MODE | ATTR_SIZE)
> without ATTR_FORCE.
BTW, it seems original code doesn't check ATTR_SIZE if (ATTR_MODE |
ATTR_SIZE), right? So, ATTR_FORCE is just forcing ATTR_MODE, but I
guess that's problem itself.
Thanks.
--
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
next prev parent reply other threads:[~2009-08-07 11:25 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-06 23:10 [patch 12/12] vfs: allow file truncations when both suid and write permissions set akpm
2009-08-07 2:32 ` OGAWA Hirofumi
2009-08-07 3:21 ` Amerigo Wang
2009-08-07 4:17 ` OGAWA Hirofumi
2009-08-07 5:49 ` OGAWA Hirofumi
2009-08-07 9:20 ` Amerigo Wang
2009-08-07 11:06 ` OGAWA Hirofumi
2009-08-07 9:27 ` Amerigo Wang
2009-08-07 11:02 ` OGAWA Hirofumi
2009-08-07 11:25 ` OGAWA Hirofumi [this message]
2009-08-10 2:00 ` Amerigo Wang
2009-08-10 4:34 ` OGAWA Hirofumi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ab2bsw6n.fsf@devron.myhome.or.jp \
--to=hirofumi@mail.parknet.co.jp \
--cc=akpm@linux-foundation.org \
--cc=amwang@redhat.com \
--cc=eparis@redhat.com \
--cc=esandeen@redhat.com \
--cc=eteo@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox