Re: 2.6.22-rc6(mm1) Unable to handle kernel NULL pointer dereference - git-bisect result

[Al Viro]

On Sun, Jul 08, 2007 at 10:41:46AM -0700, Ulrich Drepper wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Al Viro wrote:
> > Like hell.  At the very least you want it to be opened for write.
> > And even that is dubious, since "process has write access to file"
> > is not quite the same thing as "somebody had given the process a
> > descriptor opened for write".
> 
> But the real permissions tests are performed in notify_change.  I think
> all this is consistent with how, for instance, fchmod works.  The
> additional tests in fchmod which aren't here (IS_RDONLY and IS_APPEND)
> would also apply to the case where a file name is given.  So, either the
> code was inconsistent already are these tests are really not needed.

Yes, it's either that, or you haven't bothered to read what it really
does.  ATTR_UID et.al. are checked in inode_change_ok().  So is
ATTR_MTIME_SET (only owner can explicitly set timestamps).  ATTR_MTIME
is not and *should* *not* be checked there.  Exactly because it's
done as a side effect of many operations with access control of their
own and nothing that could be pushed down into notify_change() path.
Think of e.g. write(2) - by the time you get to notify_change(), you
don't even have a file descriptor.  Just the dentry and process writing
to file doesn't have to have *any* permissions on it.

Hell, _try_ it.  Build the kernel with your patch and without it.
Call utimes() with NULL second argument on a file you have no write
access to.  See if the timestamps change.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/