Commit 3093d39c authored by Linus Torvalds, committed by Greg Kroah-Hartman

Use access mode instead of open flags to determine needed permissions (CVE-2008-0001)

patch 974a9f0b in mainline

Way back when (in commit 834f2a4a, aka
"VFS: Allow the filesystem to return a full file pointer on open intent"
to be exact), Trond changed the open logic to keep track of the original
flags to a file open, in order to pass down the intent of a dentry
lookup to the low-level filesystem.

However, when doing that reorganization, it changed the meaning of
namei_flags, and thus inadvertently changed the test of access mode for
directories (and RO filesystem) to use the wrong flag.  So fix those
tests back to use access mode ("acc_mode") rather than the open flag
("flag").

Issue noticed by Bill Roman at Datalight.
Reported-and-tested-by: Bill Roman <bill.roman@datalight.com>
Acked-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
parent eae2a53f
...@@ -1576,7 +1576,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag) ...@@ -1576,7 +1576,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
if (S_ISLNK(inode->i_mode)) if (S_ISLNK(inode->i_mode))
return -ELOOP; return -ELOOP;
if (S_ISDIR(inode->i_mode) && (flag & FMODE_WRITE)) if (S_ISDIR(inode->i_mode) && (acc_mode & MAY_WRITE))
return -EISDIR; return -EISDIR;
error = vfs_permission(nd, acc_mode); error = vfs_permission(nd, acc_mode);
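Review bot: may_open() still takes both acc_mode and flag, and nothing at the S_ISDIR test documents that the two live in different bit namespaces (MAY_* for acc_mode, FMODE_*/O_* for flag), so the same mix-up is easy to reintroduce. A one-line comment above this test, or at the top of the function, stating that write-access decisions must read acc_mode & MAY_WRITE and that flag is only for open-flag handling would make the rule visible to the next person editing these checks. The unchanged vfs_permission(nd, acc_mode) call right below already uses acc_mode, so the comment would also explain why the two lines now agree.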
...@@ -1595,7 +1595,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag) ...@@ -1595,7 +1595,7 @@ int may_open(struct nameidata *nd, int acc_mode, int flag)
return -EACCES; return -EACCES;
flag &= ~O_TRUNC; flag &= ~O_TRUNC;
} else if (IS_RDONLY(inode) && (flag & FMODE_WRITE)) } else if (IS_RDONLY(inode) && (acc_mode & MAY_WRITE))
return -EROFS; return -EROFS;
/* /*
* An append-only file must be opened in append mode for writing. * An append-only file must be opened in append mode for writing.
......
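Review bot: with the IS_RDONLY test now keyed only on acc_mode & MAY_WRITE, -EROFS for a truncating open depends on the caller having set MAY_WRITE in acc_mode whenever flag carries O_TRUNC, and that is not visible in this hunk. The branch just above still edits flag directly (flag &= ~O_TRUNC), so flag and acc_mode can describe different intents by the time this test runs. Please confirm the caller folds O_TRUNC into acc_mode before may_open() is reached and note that dependency in a comment at this test. It is also worth checking that the append-only test introduced by the trailing comment reads the variable it is meant to, since it sits directly after the corrected line.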