[PATCH v2 3/7] jffs2: Add missing capability check for listing trusted xattrs

From: Andreas Gruenbacher
Date: Tue Sep 22 2015 - 08:28:32 EST

Next message: Dan Carpenter: "[patch] ACPI / tables: test the correct variable"
Previous message: Andreas Gruenbacher: "[PATCH v2 5/7] 9p: xattr simplifications"
In reply to: Andreas Gruenbacher: "[PATCH v2 5/7] 9p: xattr simplifications"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The vfs checks if a task has the appropriate access for get and set
operations, but it cannot do that for the list operation; the file system
must check for that itself.

Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
---
fs/jffs2/xattr_trusted.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/fs/jffs2/xattr_trusted.c b/fs/jffs2/xattr_trusted.c
index ceaf9c6..bbd20c1 100644
--- a/fs/jffs2/xattr_trusted.c
+++ b/fs/jffs2/xattr_trusted.c
@@ -39,6 +39,9 @@ static size_t jffs2_trusted_listxattr(struct dentry *dentry, char *list,
{
size_t retlen = XATTR_TRUSTED_PREFIX_LEN + name_len + 1;

+ if (!capable(CAP_SYS_ADMIN))
+ return 0;
+
if (list && retlen<=list_size) {
strcpy(list, XATTR_TRUSTED_PREFIX);
strcpy(list + XATTR_TRUSTED_PREFIX_LEN, name);
--
2.4.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dan Carpenter: "[patch] ACPI / tables: test the correct variable"
Previous message: Andreas Gruenbacher: "[PATCH v2 5/7] 9p: xattr simplifications"
In reply to: Andreas Gruenbacher: "[PATCH v2 5/7] 9p: xattr simplifications"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]