From: Andrew Morton <akpm@linux-foundation.org>
To: "\"J.A. Magallón\"" <jamagallon@ono.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Oops with touch and unknown uid [was Re: 2.6.22-rc6-mm1]
Date: Sun, 22 Jul 2007 23:12:02 -0700 [thread overview]
Message-ID: <20070722231202.b1c4471f.akpm@linux-foundation.org> (raw)
In-Reply-To: <20070722234814.0f792452@werewolf-wl>
On Sun, 22 Jul 2007 23:48:14 +0200 "J.A. Magallón" <jamagallon@ono.com> wrote:
> On Thu, 28 Jun 2007 03:43:21 -0700, Andrew Morton <akpm@linux-foundation.org> wrote:
>
> >
> > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc6/2.6.22-rc6-mm1/
> >
>
> I have noticed a funny problem.
> Lets say 666 is not an uid used on you system. This oopses:
>
> rm -f dummy
> touch dummy
> chown 666 dummy
> touch dummy
Does Linus's fix fix it?
commit 1e5de2837c166535f9bb4232bfe97ea1f9fc7a1c
Author: Linus Torvalds <torvalds@woody.linux-foundation.org>
Date: Sun Jul 8 12:02:55 2007 -0700
Fix permission checking for the new utimensat() system call
Commit 1c710c896eb461895d3c399e15bb5f20b39c9073 added the utimensat()
system call, but didn't handle the case of checking for the writability
of the target right, when the target was a file descriptor, not a
filename.
We cannot use vfs_permission(MAY_WRITE) for that case, and need to
simply check whether the file descriptor is writable. The oops from
using the wrong function was noticed and narrowed down by Markus
Trippelsdorf.
Cc: Ulrich Drepper <drepper@redhat.com>
Cc: Markus Trippelsdorf <markus@trippelsdorf.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Al Viro <viro@ftp.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
diff --git a/fs/utimes.c b/fs/utimes.c
index 480f7c8..b3c8895 100644
--- a/fs/utimes.c
+++ b/fs/utimes.c
@@ -106,9 +106,16 @@ long do_utimes(int dfd, char __user *fil
if (IS_IMMUTABLE(inode))
goto dput_and_out;
- if (current->fsuid != inode->i_uid &&
- (error = vfs_permission(&nd, MAY_WRITE)) != 0)
- goto dput_and_out;
+ if (current->fsuid != inode->i_uid) {
+ if (f) {
+ if (!(f->f_mode & FMODE_WRITE))
+ goto dput_and_out;
+ } else {
+ error = vfs_permission(&nd, MAY_WRITE);
+ if (error)
+ goto dput_and_out;
+ }
+ }
}
mutex_lock(&inode->i_mutex);
error = notify_change(dentry, &newattrs);
prev parent reply other threads:[~2007-07-23 6:12 UTC|newest]
Thread overview: 112+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-28 10:43 2.6.22-rc6-mm1 Andrew Morton
2007-06-28 12:08 ` 2.6.22-rc6-mm1 Gabriel C
2007-06-28 17:54 ` 2.6.22-rc6-mm1 Andrew Morton
2007-06-28 13:37 ` [patch -mm] Make check_signature() depend on CONFIG_HAS_IOMEM Heiko Carstens
2007-06-28 18:06 ` Andrew Morton
2007-06-28 18:27 ` Geert Uytterhoeven
2007-06-28 18:38 ` Andrew Morton
2007-06-28 18:47 ` Geert Uytterhoeven
2007-06-28 20:29 ` Andrew Morton
2007-06-28 22:25 ` Alan Cox
2007-06-28 22:45 ` Jeff Dike
2007-06-28 23:01 ` Andrew Morton
2007-06-28 22:51 ` Roman Zippel
2007-06-28 23:12 ` Alan Cox
2007-06-29 0:06 ` Roman Zippel
2007-06-29 13:08 ` Geert Uytterhoeven
2007-06-28 13:39 ` [patch -mm] s390: struct bin_attribute changes Heiko Carstens
2007-06-28 16:04 ` Zhang, Rui
2007-06-28 21:08 ` Greg KH
2007-06-28 13:39 ` [patch -mm] s390: rename CPU_IDLE to S390_CPU_IDLE Heiko Carstens
2007-06-28 15:03 ` Ingo Molnar
2007-06-28 14:49 ` [PATCH 2.6.22-rc6-mm1] compile error when CONFIG_DM_NETLINK is not defined Dave Kleikamp
2007-06-28 15:34 ` Alasdair G Kergon
2007-06-28 19:29 ` 2.6.22-rc6-mm1: multiple definition of `check_reset' Adrian Bunk
2007-06-28 20:01 ` Andrew Morton
2007-06-28 20:09 ` 2.6.22-rc6-mm1: io_apic build error Randy Dunlap
2007-06-28 20:23 ` Andrew Morton
2007-06-28 21:47 ` John Keller
2007-06-28 20:40 ` 2.6.22-rc6-mm1: Xen: WARNING: Absolute relocations present Adrian Bunk
2007-06-28 20:49 ` Jeremy Fitzhardinge
2007-07-01 15:37 ` Eric W. Biederman
2007-07-01 16:33 ` Jeremy Fitzhardinge
2007-07-01 20:23 ` Adrian Bunk
2007-07-01 20:31 ` Eric W. Biederman
2007-07-01 22:13 ` Jeremy Fitzhardinge
2007-06-28 20:40 ` 2.6.22-rc6-mm1 Intel DMAR crash on AMD x86_64 Zan Lynx
2007-06-28 23:50 ` Zach Carter
2007-06-29 12:32 ` 2.6.22-rc6-mm1 Mariusz Kozlowski
2007-06-29 12:54 ` 2.6.22-rc6-mm1 Sergei Shtylyov
2007-07-02 13:49 ` 2.6.22-rc6-mm1 Jason Wessel
2007-07-02 14:23 ` 2.6.22-rc6-mm1 Sergei Shtylyov
2007-07-02 14:45 ` 2.6.22-rc6-mm1 Jason Wessel
2007-07-02 23:21 ` 2.6.22-rc6-mm1 Paul Mackerras
2007-06-29 20:47 ` 2.6.22-rc6-mm1 Andrew Morton
2007-06-30 8:40 ` 2.6.22-rc6-mm1 Michal Marek
2007-06-29 14:17 ` 2.6.22-rc6-mm1 Roman Zippel
2007-06-29 20:58 ` 2.6.22-rc6-mm1 Andrew Morton
2007-07-01 1:48 ` 2.6.22-rc6-mm1 Roman Zippel
2007-06-29 14:50 ` 2.6.22-rc6-mm1 Valdis.Kletnieks
2007-06-29 21:01 ` 2.6.22-rc6-mm1 Andrew Morton
2007-06-30 4:17 ` 2.6.22-rc6-mm1 Valdis.Kletnieks
2007-06-30 5:15 ` 2.6.22-rc6-mm1 Andrew Morton
2007-06-30 16:22 ` 2.6.22-rc6-mm1 Jeremy Fitzhardinge
2007-06-30 21:10 ` 2.6.22-rc6-mm1 Sam Ravnborg
2007-06-30 21:39 ` 2.6.22-rc6-mm1 Andrew Morton
2007-07-01 1:53 ` 2.6.22-rc6-mm1 Roman Zippel
2007-07-03 20:36 ` 2.6.22-rc6-mm1 Andrew Morton
2007-07-01 5:31 ` 2.6.22-rc6-mm1 Satyam Sharma
2007-07-01 6:52 ` 2.6.22-rc6-mm1 Sam Ravnborg
2007-07-01 20:22 ` [-mm patch] fix include/asm-m68k/fb.h Adrian Bunk
2007-07-01 20:22 ` [-mm patch] fix duplicate CONFIG_DMAR Makefile line Adrian Bunk
2007-07-03 0:30 ` Keshavamurthy, Anil S
2007-07-01 20:23 ` [-mm patch] make cpuidle_replace_governor() static Adrian Bunk
2007-07-01 20:23 ` 2.6.22-rc6-mm1: TUNER_TEA5761 kconfig fixes Adrian Bunk
2007-07-01 21:29 ` Michael Krufky
2007-07-01 20:23 ` [-mm patch] unexport bprm_mm_init Adrian Bunk
2007-07-01 20:23 ` [-mm patch] unionfs: make functions static Adrian Bunk
2007-07-02 1:42 ` Josef Sipek
2007-07-02 2:21 ` Satyam Sharma
2007-07-02 2:27 ` Adrian Bunk
2007-07-02 20:38 ` Josef Sipek
2007-07-01 20:23 ` [-mm patch] kernel/power/main.c: make code static Adrian Bunk
2007-07-01 23:12 ` Rafael J. Wysocki
2007-07-01 20:23 ` [-mm patch] make struct dccp_li_cachep static Adrian Bunk
2007-07-01 20:23 ` [-mm patch] unexport mmap_min_addr Adrian Bunk
2007-07-01 22:38 ` James Morris
2007-07-01 20:23 ` [-mm patch] remove security/selinux/hooks.c:enabled_mmap_min_addr Adrian Bunk
2007-07-01 22:39 ` James Morris
2007-07-01 20:24 ` [-mm patch] unexport dvb_pll_configure Adrian Bunk
2007-07-01 21:29 ` Michael Krufky
2007-07-04 19:00 ` 2.6.22-rc6-mm1: Xen + Numa = compile error Adrian Bunk
2007-07-05 0:32 ` [PATCH] xen: can't support numa yet Jeremy Fitzhardinge
2007-07-05 23:22 ` [-mm patch] arch/i386/xen/events.c should #include <asm/xen/hypervisor.h> Adrian Bunk
2007-07-06 0:10 ` Jeremy Fitzhardinge
2007-07-05 23:22 ` [-mm patch] arch/i386/xen/mmu.c must #include <linux/sched.h> Adrian Bunk
2007-07-06 0:08 ` Jeremy Fitzhardinge
2007-07-05 23:22 ` [-mm patch] make arch/i386/xen/mmu.c:xen_pgd_pin() static Adrian Bunk
2007-07-06 0:09 ` Jeremy Fitzhardinge
2007-07-05 23:23 ` [-mm patch] kernel/sched.c: make 2 functions static Adrian Bunk
2007-07-06 14:03 ` kgdb Bad IO access (was: 2.6.22-rc6-mm1) Tilman Schmidt
2007-07-06 16:45 ` Andrew Morton
2007-07-06 17:33 ` kgdb Bad IO access Jason Wessel
2007-07-06 17:51 ` Jason Wessel
2007-07-06 18:15 ` preemption counter havoc on kgdb-taken faults (was: kgdb Bad IO access) Jan Kiszka
2007-07-06 18:24 ` preemption counter havoc on kgdb-taken faults Jason Wessel
2007-07-06 19:19 ` Jan Kiszka
2007-07-06 21:31 ` 2.6.22-rc6-mm1 Badari Pulavarty
2007-07-07 1:50 ` 2.6.22-rc6-mm1: SLUB_DEBUG=n compile error Adrian Bunk
2007-07-07 2:03 ` Christoph Lameter
2007-07-07 2:09 ` Adrian Bunk
2007-07-07 2:13 ` Christoph Lameter
2007-07-07 2:01 ` 2.6.22-rc6-mm1: UNION_FS=y + BLOCK=n = " Adrian Bunk
2007-07-08 11:58 ` Erez Zadok
2007-07-07 8:03 ` 2.6.22-rc6-mm1: git-kgdb breaks sh compilation Adrian Bunk
2007-07-08 5:10 ` Jason Wessel
2007-07-07 21:11 ` [-mm patch] XFS: fix powerpc compat compile error Adrian Bunk
2007-07-09 22:56 ` [-mm patch] fix SND_CS5530=y, ISA=n compilation Adrian Bunk
2007-07-10 9:35 ` Takashi Iwai
2007-07-14 0:58 ` 2.6.22-rc6-mm1 Nish Aravamudan
2007-07-22 21:48 ` Oops with touch and unknown uid [was Re: 2.6.22-rc6-mm1] J.A. Magallón
2007-07-22 23:41 ` Randy Dunlap
2007-07-23 6:12 ` Andrew Morton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070722231202.b1c4471f.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=jamagallon@ono.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox