From: Jan Kara <jack@suse.cz>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org, ceph-devel@vger.kernel.org,
Miklos Szeredi <miklos@szeredi.hu>, Jan Kara <jack@suse.cz>,
xfs@oss.sgi.com
Subject: [PATCH 0/5] fs: Avoid premature clearing of file capabilities
Date: Thu, 26 May 2016 18:19:55 +0200 [thread overview]
Message-ID: <1464279600-13009-1-git-send-email-jack@suse.cz> (raw)
Hello,
this patch series is my attempt to fix an issue when user can clear capabilites
of arbitrary file he can look up for example by running chown on it (this got
assigned CVE-2015-1350). The problem is that we call security_inode_killpriv()
before checking permissions in inode_change_ok(). This patch set moves
that call into inode_change_ok() after permissions are checked - the only
trouble is that we need to give dentry instead of inode there and that is
not completely trivial in some cases - I'd like to have a review from XFS,
Ceph, and FUSE people to verify I didn't miss anything. Anyway, have a look
how the result looks like...
Honza
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
next reply other threads:[~2016-05-26 16:20 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-26 16:19 Jan Kara [this message]
2016-05-26 16:19 ` [PATCH 1/5] xfs: Propagate dentry down to inode_change_ok() Jan Kara
2016-05-26 21:53 ` Dave Chinner
2016-05-27 16:12 ` Jan Kara
2016-05-29 22:36 ` Dave Chinner
2016-05-26 16:19 ` [PATCH 2/5] ceph: " Jan Kara
2016-05-26 16:19 ` [PATCH 3/5] fuse: " Jan Kara
2016-05-26 16:42 ` Miklos Szeredi
2016-05-26 16:19 ` [PATCH 4/5] fs: Give dentry to inode_change_ok() instead of inode Jan Kara
2016-05-26 16:20 ` [PATCH 5/5] fs: Avoid premature clearing of capabilities Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1464279600-13009-1-git-send-email-jack@suse.cz \
--to=jack@suse.cz \
--cc=ceph-devel@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@ZenIV.linux.org.uk \
--cc=xfs@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox