Re: [PATCH] utimensat() non-conformances and fixes [v3]

From: Michael Kerrisk
Date: Tue Jun 03 2008 - 07:06:17 EST

Next message: Jan Engelhardt: "Re: Why is the rewritten ramdisk driver called brd instad of rd"
Previous message: hooanon05: "Re: [RFC 0/7] [RFC] cramfs: fake write support"
Next in thread: Miklos Szeredi: "Re: [PATCH] utimensat() non-conformances and fixes [v3]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Miklos,

> 2) I've found yet another divergence from the spec -- but this
> was in the original implementation, rather than being
> something that has been introduced. In do_futimes() there is
>
> if (!times && !(file->f_mode & FMODE_WRITE))
> write_error = -EACCES;
>
> However, the check here should not be against the f_mode (file access
> mode), but the against actual permission of the file referred to by
> the underlying descriptor. This means that for the do_futimes() +
> times==NULL case, a set-user-ID root program could open a file
> descriptor O_RDWR/O_WRONLY for which the real UID does not have write
> access, and then even after reverting the the effective UID, the real
> user could still update file.
>
> I'm not sure of the correct way to get the required nameidata (to do a
> vfs_permission() call) from the file descriptor. Can you give me a
> tip there?

Could you point me at the right way of doing this?

Cheers,

Michael
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jan Engelhardt: "Re: Why is the rewritten ramdisk driver called brd instad of rd"
Previous message: hooanon05: "Re: [RFC 0/7] [RFC] cramfs: fake write support"
Next in thread: Miklos Szeredi: "Re: [PATCH] utimensat() non-conformances and fixes [v3]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]