linux-fsdevel.vger.kernel.org archive mirror
* [patch] vfs: make security_inode_setattr() calling consistent
@ 2008-07-30 12:06 Miklos Szeredi
  2008-07-30 14:37 ` Stephen Smalley
  0 siblings, 1 reply; 3+ messages in thread
From: Miklos Szeredi @ 2008-07-30 12:06 UTC (permalink / raw)
  To: viro; +Cc: akpm, jmorris, sds, linux-security-module, linux-fsdevel,
	linux-kernel

From: Miklos Szeredi <mszeredi@suse.cz>

Call security_inode_setattr() consistently before inode_change_ok().
It doesn't make sense to try to "optimize" the i_op->setattr == NULL
case, as most filesystems do define their own setattr function.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
---
 fs/attr.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Index: linux-2.6/fs/attr.c
===================================================================
--- linux-2.6.orig/fs/attr.c	2008-07-30 13:52:35.000000000 +0200
+++ linux-2.6/fs/attr.c	2008-07-30 13:52:41.000000000 +0200
@@ -159,17 +159,17 @@ int notify_change(struct dentry * dentry
 	if (!(attr->ia_valid & ~(ATTR_KILL_SUID | ATTR_KILL_SGID)))
 		return 0;
 
+	error = security_inode_setattr(dentry, attr);
+	if (error)
+		return error;
+
 	if (ia_valid & ATTR_SIZE)
 		down_write(&dentry->d_inode->i_alloc_sem);
 
 	if (inode->i_op && inode->i_op->setattr) {
-		error = security_inode_setattr(dentry, attr);
-		if (!error)
-			error = inode->i_op->setattr(dentry, attr);
+		error = inode->i_op->setattr(dentry, attr);
 	} else {
 		error = inode_change_ok(inode, attr);
-		if (!error)
-			error = security_inode_setattr(dentry, attr);
 		if (!error) {
 			if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
 			    (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
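
Review bot: in the else branch, security_inode_setattr() now runs ahead of inode_change_ok(), so the LSM hook is consulted for requests that the DAC check has not yet accepted, and nothing at the new call site says this ordering is intentional. A short comment above the added `error = security_inode_setattr(dentry, attr);` stating that the LSM check deliberately precedes the DAC check on both the i_op->setattr path and the fallback path would keep a later cleanup from moving it back under inode_change_ok(), and the changelog could say explicitly that the fallback path changes order.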


* Re: [patch] vfs: make security_inode_setattr() calling consistent
  2008-07-30 12:06 [patch] vfs: make security_inode_setattr() calling consistent Miklos Szeredi
@ 2008-07-30 14:37 ` Stephen Smalley
  2008-07-30 21:52   ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2008-07-30 14:37 UTC (permalink / raw)
  To: Miklos Szeredi
  Cc: viro, akpm, jmorris, linux-security-module, linux-fsdevel,
	linux-kernel


On Wed, 2008-07-30 at 14:06 +0200, Miklos Szeredi wrote:
> From: Miklos Szeredi <mszeredi@suse.cz>
> 
> Call security_inode_setattr() consistently before inode_change_ok().
> It doesn't make sense to try to "optimize" the i_op->setattr == NULL
> case, as most filesystems do define their own setattr function.
> 
> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>

Unfortunate since we'd prefer to have the DAC checks applied first, and
since inode_change_ok() may alter the ia_mode in response to those
checks, but it does seem inconsistent at present and it doesn't yield
any difference in the ltp selinux testsuite results.

Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>

> ---
>  fs/attr.c |   10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> Index: linux-2.6/fs/attr.c
> ===================================================================
> --- linux-2.6.orig/fs/attr.c	2008-07-30 13:52:35.000000000 +0200
> +++ linux-2.6/fs/attr.c	2008-07-30 13:52:41.000000000 +0200
> @@ -159,17 +159,17 @@ int notify_change(struct dentry * dentry
>  	if (!(attr->ia_valid & ~(ATTR_KILL_SUID | ATTR_KILL_SGID)))
>  		return 0;
>  
> +	error = security_inode_setattr(dentry, attr);
> +	if (error)
> +		return error;
> +
>  	if (ia_valid & ATTR_SIZE)
>  		down_write(&dentry->d_inode->i_alloc_sem);
>  
>  	if (inode->i_op && inode->i_op->setattr) {
> -		error = security_inode_setattr(dentry, attr);
> -		if (!error)
> -			error = inode->i_op->setattr(dentry, attr);
> +		error = inode->i_op->setattr(dentry, attr);
>  	} else {
>  		error = inode_change_ok(inode, attr);
> -		if (!error)
> -			error = security_inode_setattr(dentry, attr);
>  		if (!error) {
>  			if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
>  			    (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
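
Review bot: the bare `return error;` after the added security_inode_setattr() call is only correct because the call sits above `down_write(&dentry->d_inode->i_alloc_sem)`; the same return placed below that line would exit with the semaphore still held whenever ATTR_SIZE is set. A one-line comment at the call site noting that the hook must stay ahead of the i_alloc_sem acquisition would protect this against a later reordering.
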
-- 
Stephen Smalley
National Security Agency



* Re: [patch] vfs: make security_inode_setattr() calling consistent
  2008-07-30 14:37 ` Stephen Smalley
@ 2008-07-30 21:52   ` James Morris
  0 siblings, 0 replies; 3+ messages in thread
From: James Morris @ 2008-07-30 21:52 UTC (permalink / raw)
  To: Stephen Smalley
  Cc: Miklos Szeredi, viro, Andrew Morton, linux-security-module,
	linux-fsdevel, linux-kernel

On Wed, 30 Jul 2008, Stephen Smalley wrote:

> Unfortunate since we'd prefer to have the DAC checks applied first, and
> since inode_change_ok() may alter the ia_mode in response to those
> checks, but it does seem inconsistent at present and it doesn't yield
> any difference in the ltp selinux testsuite results.

No LSM seems to be using ia_mode, so that aspect is ok.  The DAC checks 
are generally not being applied first currently, so common case behaviour 
doesn't change with this patch.

Acked-by: James Morris <jmorris@namei.org>

-- 
James Morris
<jmorris@namei.org>
