* [patch] ADJ_OFFSET_SS_READ and capabilities [not found] <485DF41E.9020909@gmail.com> @ 2008-06-22 7:32 ` Michael Kerrisk 2008-06-30 22:07 ` john stultz 2008-06-22 7:33 ` [patch] adjtimex() modes argument checking Michael Kerrisk 1 sibling, 1 reply; 4+ messages in thread From: Michael Kerrisk @ 2008-06-22 7:32 UTC (permalink / raw) To: Michael Kerrisk Cc: Roman Zippel, lkml, john stultz, Thomas Gleixner, Ingo Molnar Hi Roman, John, ADJ_OFFSET_SS_READ is a read-only operation. Therefore, it seems reasonable not to require any capability (as is the case when 'modes' is zero. See the patch below. Does this change seem reasonable? Cheers, Michael --- linux-2.6.26-rc5/kernel/time/ntp.c 2008-06-13 11:16:51.000000000 +0200 +++ linux-2.6.26-rc5-p/kernel/time/ntp.c 2008-06-22 07:31:43.000000000 +0200 @@ -281,7 +281,8 @@ int result; /* In order to modify anything, you gotta be super-user! */ - if (txc->modes && !capable(CAP_SYS_TIME)) + if (txc->modes && txc->modes != ADJ_OFFSET_SS_READ && + !capable(CAP_SYS_TIME)) return -EPERM; /* Now we validate the data before disabling interrupts */ ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] ADJ_OFFSET_SS_READ and capabilities 2008-06-22 7:32 ` [patch] ADJ_OFFSET_SS_READ and capabilities Michael Kerrisk @ 2008-06-30 22:07 ` john stultz 2008-07-21 10:38 ` Michael Kerrisk 0 siblings, 1 reply; 4+ messages in thread From: john stultz @ 2008-06-30 22:07 UTC (permalink / raw) To: Michael Kerrisk; +Cc: Roman Zippel, lkml, Thomas Gleixner, Ingo Molnar On Sun, 2008-06-22 at 09:32 +0200, Michael Kerrisk wrote: > Hi Roman, John, > > ADJ_OFFSET_SS_READ is a read-only operation. Therefore, it seems > reasonable not to require any capability (as is the case when 'modes' > is zero. See the patch below. Does this change seem reasonable? > > Cheers, > > Michael > > --- linux-2.6.26-rc5/kernel/time/ntp.c 2008-06-13 11:16:51.000000000 +0200 > +++ linux-2.6.26-rc5-p/kernel/time/ntp.c 2008-06-22 07:31:43.000000000 +0200 > @@ -281,7 +281,8 @@ > int result; > > /* In order to modify anything, you gotta be super-user! */ > - if (txc->modes && !capable(CAP_SYS_TIME)) > + if (txc->modes && txc->modes != ADJ_OFFSET_SS_READ && > + !capable(CAP_SYS_TIME)) > return -EPERM; > > /* Now we validate the data before disabling interrupts */ > Hey Michael, This seems like an ok change, but we'd first want to fix the issue you pointed out earlier which would make sure adjtimex() read calls don't cause side effects. thanks -john ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [patch] ADJ_OFFSET_SS_READ and capabilities 2008-06-30 22:07 ` john stultz @ 2008-07-21 10:38 ` Michael Kerrisk 0 siblings, 0 replies; 4+ messages in thread From: Michael Kerrisk @ 2008-07-21 10:38 UTC (permalink / raw) To: john stultz Cc: Michael Kerrisk, Roman Zippel, lkml, Thomas Gleixner, Ingo Molnar On Tue, Jul 1, 2008 at 12:07 AM, john stultz <johnstul@us.ibm.com> wrote: > > On Sun, 2008-06-22 at 09:32 +0200, Michael Kerrisk wrote: >> Hi Roman, John, >> >> ADJ_OFFSET_SS_READ is a read-only operation. Therefore, it seems >> reasonable not to require any capability (as is the case when 'modes' >> is zero. See the patch below. Does this change seem reasonable? >> >> Cheers, >> >> Michael >> >> --- linux-2.6.26-rc5/kernel/time/ntp.c 2008-06-13 11:16:51.000000000 +0200 >> +++ linux-2.6.26-rc5-p/kernel/time/ntp.c 2008-06-22 07:31:43.000000000 +0200 >> @@ -281,7 +281,8 @@ >> int result; >> >> /* In order to modify anything, you gotta be super-user! */ >> - if (txc->modes && !capable(CAP_SYS_TIME)) >> + if (txc->modes && txc->modes != ADJ_OFFSET_SS_READ && >> + !capable(CAP_SYS_TIME)) >> return -EPERM; >> >> /* Now we validate the data before disabling interrupts */ >> > > > Hey Michael, > This seems like an ok change, but we'd first want to fix the issue you > pointed out earlier which would make sure adjtimex() read calls don't > cause side effects. John, Roman, Are you pushing this into 2.6.27-rc1? Cheers, Michael -- Michael Kerrisk Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/ man-pages online: http://www.kernel.org/doc/man-pages/online_pages.html Found a bug? http://www.kernel.org/doc/man-pages/reporting_bugs.html ^ permalink raw reply [flat|nested] 4+ messages in thread
* [patch] adjtimex() modes argument checking [not found] <485DF41E.9020909@gmail.com> 2008-06-22 7:32 ` [patch] ADJ_OFFSET_SS_READ and capabilities Michael Kerrisk @ 2008-06-22 7:33 ` Michael Kerrisk 1 sibling, 0 replies; 4+ messages in thread From: Michael Kerrisk @ 2008-06-22 7:33 UTC (permalink / raw) To: Roman Zippel; +Cc: lkml, john stultz, Thomas Gleixner, Ingo Molnar Hi Roman, I see you added a number of new modes to adtimex() in 2.6.26-rc. Since these are userspace-visible changes, please CC me, so that they stand a chance of getting documented in man-pages. (I discovered these changes only by accident.) I also have some changes to suggest for argument checking, which, if I understand the code correctly, prevent obvious screw-ups by callers of adjtimex(). What do you think of the patch below? Cheers, Michael --- linux-2.6.26-rc6/kernel/time/ntp.c 2008-06-22 09:05:05.000000000 +0200 +++ linux-2.6.26-rc6-p/kernel/time/ntp.c 2008-06-22 09:04:31.000000000 +0200 @@ -292,6 +292,16 @@ return -EINVAL; } + /* These modes are the converse of one another */ + + if ((txc->modes & ADJ_MICRO) && (txc->modes & ADJ_NANO)) + return -EINVAL; + + /* Both of the following want to use txc->constant */ + + if ((txc->modes & ADJ_TIMECONST) && (txc->modes & ADJ_TAI)) + return -EINVAL; + /* if the quartz is off by more than 10% something is VERY wrong ! */ if (txc->modes & ADJ_TICK) if (txc->tick < 900000/USER_HZ || ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2008-07-21 10:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <485DF41E.9020909@gmail.com>
2008-06-22 7:32 ` [patch] ADJ_OFFSET_SS_READ and capabilities Michael Kerrisk
2008-06-30 22:07 ` john stultz
2008-07-21 10:38 ` Michael Kerrisk
2008-06-22 7:33 ` [patch] adjtimex() modes argument checking Michael Kerrisk
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox