Commit 3bd858ab authored by Satyam Sharma's avatar Satyam Sharma Committed by Linus Torvalds
Browse files

Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check 



Introduce is_owner_or_cap() macro in fs.h, and convert over relevant
users to it. This is done because we want to avoid bugs in the future
where we check for only effective fsuid of the current task against a
file's owning uid, without simultaneously checking for CAP_FOWNER as
well, thus violating its semantics.
[ XFS uses special macros and structures, and in general looked ...
untouchable, so we leave it alone -- but it has been looked over. ]

The (current->fsuid != inode->i_uid) check in generic_permission() and
exec_permission_lite() is left alone, because those operations are
covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations
falling under the purview of CAP_CHOWN and CAP_LEASE are also left alone.

Signed-off-by: default avatarSatyam Sharma <ssatyam@cse.iitk.ac.in>
Cc: Al Viro <viro@ftp.linux.org.uk>
Acked-by: default avatarSerge E. Hallyn <serge@hallyn.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 49c13b51

fs/attr.c

+2 −2
Original line number Diff line number Diff line
@@ -42,7 +42,7 @@ int inode_change_ok(struct inode *inode, struct iattr *attr) 


	/* Make sure a caller can chmod. */

	if (ia_valid & ATTR_MODE) {

		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

		if (!is_owner_or_cap(inode))

			goto error;

		/* Also check the setgid bit! */

		if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid :
@@ -52,7 +52,7 @@ int inode_change_ok(struct inode *inode, struct iattr *attr) 


	/* Check for setting the inode time. */

	if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) {

		if (current->fsuid != inode->i_uid && !capable(CAP_FOWNER))

		if (!is_owner_or_cap(inode))

			goto error;

	}

fine:

fs/ext2/acl.c

+1 −1
Original line number Diff line number Diff line
@@ -464,7 +464,7 @@ ext2_xattr_set_acl(struct inode *inode, int type, const void *value, 


	if (!test_opt(inode->i_sb, POSIX_ACL))

		return -EOPNOTSUPP;

	if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

	if (!is_owner_or_cap(inode))

		return -EPERM;



	if (value) {

fs/ext2/ioctl.c

+2 −2
Original line number Diff line number Diff line
@@ -36,7 +36,7 @@ int ext2_ioctl (struct inode * inode, struct file * filp, unsigned int cmd, 
		if (IS_RDONLY(inode))

			return -EROFS;



		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

		if (!is_owner_or_cap(inode))

			return -EACCES;



		if (get_user(flags, (int __user *) arg))
@@ -74,7 +74,7 @@ int ext2_ioctl (struct inode * inode, struct file * filp, unsigned int cmd, 
	case EXT2_IOC_GETVERSION:

		return put_user(inode->i_generation, (int __user *) arg);

	case EXT2_IOC_SETVERSION:

		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

		if (!is_owner_or_cap(inode))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;

fs/ext3/acl.c

+1 −1
Original line number Diff line number Diff line
@@ -489,7 +489,7 @@ ext3_xattr_set_acl(struct inode *inode, int type, const void *value, 


	if (!test_opt(inode->i_sb, POSIX_ACL))

		return -EOPNOTSUPP;

	if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

	if (!is_owner_or_cap(inode))

		return -EPERM;



	if (value) {

fs/ext3/ioctl.c

+3 −3
Original line number Diff line number Diff line
@@ -41,7 +41,7 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd, 
		if (IS_RDONLY(inode))

			return -EROFS;



		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

		if (!is_owner_or_cap(inode))

			return -EACCES;



		if (get_user(flags, (int __user *) arg))
@@ -122,7 +122,7 @@ flags_err: 
		__u32 generation;

		int err;



		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

		if (!is_owner_or_cap(inode))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;
@@ -181,7 +181,7 @@ flags_err: 
		if (IS_RDONLY(inode))

			return -EROFS;



		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

		if (!is_owner_or_cap(inode))

			return -EACCES;



		if (get_user(rsv_window_size, (int __user *)arg))

CRA Git | Maintained and supported by SUSTech CRA and CCSE