[patch] security: fix dummy xattr functions
From: Miklos Szeredi
Date: Tue Jul 01 2008 - 16:40:58 EST
Hi James,
If this (untested) patch looks OK, could you please apply it to your
tree?
Thanks,
Miklos
----
From: Miklos Szeredi <mszeredi@xxxxxxx>
Replace open coded xattr checks with cap_inode_xxx() function calls in
dummy_inode_setxattr() and dummy_inode_removexattr(). The old ones
were out of sync with the cap_inode_xxx() implementation, which could
even be a security problem.
Noticed by John Johansen.
CC: John Johansen <jjohansen@xxxxxxx>
Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
---
security/dummy.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
Index: linux-2.6/security/dummy.c
===================================================================
--- linux-2.6.orig/security/dummy.c 2008-07-01 21:44:03.000000000 +0200
+++ linux-2.6/security/dummy.c 2008-07-01 21:51:08.000000000 +0200
@@ -370,11 +370,7 @@ static void dummy_inode_delete (struct i
static int dummy_inode_setxattr (struct dentry *dentry, const char *name,
const void *value, size_t size, int flags)
{
- if (!strncmp(name, XATTR_SECURITY_PREFIX,
- sizeof(XATTR_SECURITY_PREFIX) - 1) &&
- !capable(CAP_SYS_ADMIN))
- return -EPERM;
- return 0;
+ return cap_inode_setxattr(dentry, name, value, size, flags);
}
static void dummy_inode_post_setxattr (struct dentry *dentry, const char *name,
@@ -395,11 +391,7 @@ static int dummy_inode_listxattr (struct
static int dummy_inode_removexattr (struct dentry *dentry, const char *name)
{
- if (!strncmp(name, XATTR_SECURITY_PREFIX,
- sizeof(XATTR_SECURITY_PREFIX) - 1) &&
- !capable(CAP_SYS_ADMIN))
- return -EPERM;
- return 0;
+ return cap_inode_removexattr(dentry, name);
}
static int dummy_inode_need_killpriv(struct dentry *dentry)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/