Apply this patch in the linux/fs directory.... I don't know how many
people use append only files, but I certainly do.
And before anyone comes out with "but it's not that serious because
securelevel isn't implemented", think about it: there are good reasons why
you might want to place this restriction on files owned by mere users
rather than root.
Chris
--- namei.c.old Tue Aug 12 15:28:05 1997
+++ namei.c Tue Aug 12 15:35:24 1997
@@ -6,6 +6,8 @@
/*
* Some corrections by tytso.
+ *
+ * Aug 97 - cevans - fix security problem with O_TRUNC and append only files
*/
#include <asm/segment.h>
@@ -424,8 +426,9 @@
}
/*
* An append-only file must be opened in append mode for writing
+ * Additionally, we must disallow O_TRUNC -- cevans
*/
- if (IS_APPEND(inode) && ((flag & FMODE_WRITE) && !(flag & O_APPEND))) {
+ if (IS_APPEND(inode) && (((flag & FMODE_WRITE) && !(flag & O_APPEND)) || (flag & O_TRUNC))) {
iput(inode);
return -EPERM;
}