* Re: [PATCH] fs: Fix S_NOSEC handling
[not found] <1417644091-17334-1-git-send-email-jack@suse.cz>
@ 2015-05-18 19:55 ` Linus Torvalds
2015-05-19 8:36 ` Jan Kara
0 siblings, 1 reply; 2+ messages in thread
From: Linus Torvalds @ 2015-05-18 19:55 UTC (permalink / raw)
To: Jan Kara; +Cc: Al Viro, stable
Going through old emails.
This never went anywhere - Al?
That said, the patch looks dubious. If nothing else, shouldn't it use
the helper function we have, and do something like
if (!error)
inode_has_no_xattr(inode);
instead?
Linus
On Wed, Dec 3, 2014 at 2:01 PM, Jan Kara <jack@suse.cz> wrote:
> file_remove_suid() could mistakenly set S_NOSEC inode bit when root was
> modifying the file. As a result following writes to the file by ordinary
> user would avoid clearing suid or sgid bits.
>
> Fix the bug by checking actual mode bits before setting S_NOSEC.
>
> CC: stable@vger.kernel.org
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
> fs/inode.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/inode.c b/fs/inode.c
> index 26753ba7b6d6..f5e01704a5c8 100644
> --- a/fs/inode.c
> +++ b/fs/inode.c
> @@ -1631,7 +1631,8 @@ int file_remove_suid(struct file *file)
> error = security_inode_killpriv(dentry);
> if (!error && killsuid)
> error = __remove_suid(dentry, killsuid);
> - if (!error && (inode->i_sb->s_flags & MS_NOSEC))
> + if (!error && (inode->i_sb->s_flags & MS_NOSEC) &&
> + !is_sxid(inode->i_mode))
> inode->i_flags |= S_NOSEC;
>
> return error;
> --
> 1.8.1.4
>
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] fs: Fix S_NOSEC handling
2015-05-18 19:55 ` [PATCH] fs: Fix S_NOSEC handling Linus Torvalds
@ 2015-05-19 8:36 ` Jan Kara
0 siblings, 0 replies; 2+ messages in thread
From: Jan Kara @ 2015-05-19 8:36 UTC (permalink / raw)
To: Linus Torvalds; +Cc: Jan Kara, Al Viro, stable
On Mon 18-05-15 12:55:37, Linus Torvalds wrote:
> Going through old emails.
>
> This never went anywhere - Al?
No. Later it became part of a larger series
(http://oss.sgi.com/archives/xfs/2015-03/msg00051.html) but Al never got to
merging it.
> That said, the patch looks dubious. If nothing else, shouldn't it use
> the helper function we have, and do something like
>
> if (!error)
> inode_has_no_xattr(inode);
>
> instead?
Yeah, using inode_has_no_xattr() is a good idea. I wasn't aware of that
helper. I'll update the patch and resend.
Honza
> On Wed, Dec 3, 2014 at 2:01 PM, Jan Kara <jack@suse.cz> wrote:
> > file_remove_suid() could mistakenly set S_NOSEC inode bit when root was
> > modifying the file. As a result following writes to the file by ordinary
> > user would avoid clearing suid or sgid bits.
> >
> > Fix the bug by checking actual mode bits before setting S_NOSEC.
> >
> > CC: stable@vger.kernel.org
> > Signed-off-by: Jan Kara <jack@suse.cz>
> > ---
> > fs/inode.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/fs/inode.c b/fs/inode.c
> > index 26753ba7b6d6..f5e01704a5c8 100644
> > --- a/fs/inode.c
> > +++ b/fs/inode.c
> > @@ -1631,7 +1631,8 @@ int file_remove_suid(struct file *file)
> > error = security_inode_killpriv(dentry);
> > if (!error && killsuid)
> > error = __remove_suid(dentry, killsuid);
> > - if (!error && (inode->i_sb->s_flags & MS_NOSEC))
> > + if (!error && (inode->i_sb->s_flags & MS_NOSEC) &&
> > + !is_sxid(inode->i_mode))
> > inode->i_flags |= S_NOSEC;
> >
> > return error;
> > --
> > 1.8.1.4
> >
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-05-19 8:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1417644091-17334-1-git-send-email-jack@suse.cz>
2015-05-18 19:55 ` [PATCH] fs: Fix S_NOSEC handling Linus Torvalds
2015-05-19 8:36 ` Jan Kara
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).