Re: [Patch 1/2] selinux: ajust rules for ATTR_FORCE

[Amerigo Wang]

OGAWA Hirofumi wrote:
> [Sorry if this killed thread. My ISP seems to be stopping email server
> now. I've read this email from web archive.]
>
>   
> > > @@ -2711,12 +2711,17 @@ static int selinux_inode_permission(stru
> > >  static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
> > >  {
> > >  	const struct cred *cred = current_cred();
> > > +	unsigned int ia_valid = iattr->ia_valid;
> > >  
> > > -	if (iattr->ia_valid & ATTR_FORCE)
> > > -		return 0;
> > > +	/* ATTR_FORCE is just used for ATTR_KILL_S[UG]ID. */
> > > +	if (ia_valid & ATTR_FORCE) {
> > > +		ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ATTR_MODE);
> > > +		if (!ia_valid)
> > > +			return 0;
> > >   
> > >       
> > So if I read this correctly, (ATTR_FORCE| ATTR_KILL_SUID|ATTR_MODE) will 
> > not return here, since 'ia_valid' will be ATTR_FORCE finally.
> >
> > I think you forgot to clear ATTR_FORCE here...
> >     
>
> Whoops, good catch. Fortunately, it doesn't seem to have actual problem,
> but it's bug obviously, and sorry for that. Fixed patch was attached.
>   

This version looks OK for me! Stephen, any objections?

Thank you!

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/