Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3772517ybb; Mon, 13 Apr 2020 15:15:59 -0700 (PDT) X-Google-Smtp-Source: APiQypL/IUPyHgfEc+rqI+Ga1nGyN3ltYTPe2vw33zvf5w2Z8oLz3fOVRCtkd/YygU5xMn76Dlb6 X-Received: by 2002:a17:906:2f8e:: with SMTP id w14mr18022172eji.85.1586816158845; Mon, 13 Apr 2020 15:15:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586816158; cv=none; d=google.com; s=arc-20160816; b=pyCQ64XFerS8GTV36/lMjqC5frX89PC4ybI8NVfcD9B92A1+Jj7FB5/ptpJnTXmEY2 0IhXe7wrmCUdNJq2LS7REAOe0iE3deqtCWszXBf2cDiCfKj9/LkHc7tTrrfMfe9I13EZ UMDb4kJppPwfvol0zXuJsD4Kz0/WlZV5Lg3fQWJejczAwoTfE0Dc7ClNrqDAQbCYkK0c ITGyGBNg5NVppXSmX2sz07Fbozij2zLMZEv5fV12SByXAiOETYHIYnUib3uZfZ6+7JZv h2D2Ki+fVC53kcXCSc5GFn/cSwowO3joViaGU7ozuyt1fMXZkv78u2VbSzr9xDMo1a+3 ppZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:content-transfer-encoding:mime-version :message-id:date:subject:cc:from:dkim-signature; bh=7WjND0ct9WXfnmUwrPTBzmeuopYzO4yH6lk3AAONsNw=; b=kCkbRXNO7znrYyxMLk7KplF8HKxC7Q7Drhbmdi5A7nc+IiAF/xX+xpKy3H4cK/Qfxg gmc+t86DKsjCoZoawrYyZFb8kjSvYtEoKSulatbfdSVZAfWcDTU/3sWOiMpBIETvyQcX MHw5ls+fzjh9w4Gap8wIA+2Go/rQYgUKGZ9VVHvtnafr8PSVG8NnOxOilbOnIfjETHKv utgYkPUTIvvxTptD1r2O1+h+sbIFN3GWYh1uInbSwreD1Afg3CDUdo4USzT+KQrJ9pIV PLVqsw1xnJfX6Swf4KIoswhMg3ZmxCBJpoaWjlYxwR6CJkt/IUEPII1mM9kp4fspA/wy Ghew== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@daurnimator.com header.s=daurnimator header.b="WEk/2JRp"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l12si7286279edn.309.2020.04.13.15.15.35; Mon, 13 Apr 2020 15:15:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@daurnimator.com header.s=daurnimator header.b="WEk/2JRp"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728122AbgDMJEm (ORCPT + 99 others); Mon, 13 Apr 2020 05:04:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55400 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1727814AbgDMJEl (ORCPT ); Mon, 13 Apr 2020 05:04:41 -0400 X-Greylist: delayed 414 seconds by postgrey-1.27 at vger.kernel.org; Mon, 13 Apr 2020 05:04:41 EDT Received: from mail-pf1-x444.google.com (mail-pf1-x444.google.com [IPv6:2607:f8b0:4864:20::444]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E71EEC014CDB for ; Mon, 13 Apr 2020 01:57:46 -0700 (PDT) Received: by mail-pf1-x444.google.com with SMTP id n10so4248242pff.3 for ; Mon, 13 Apr 2020 01:57:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daurnimator.com; s=daurnimator; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=7WjND0ct9WXfnmUwrPTBzmeuopYzO4yH6lk3AAONsNw=; b=WEk/2JRpJ4RFJsvyAWO9EICaAyMaTsqpoYex5Fe9WikBDqfQsj3Ujrar0RXoKWweXF t9PESt9EfmZuQCBz8auC08Oh0YKGi2DPtN+yK+yRCRaOiDCH19VPpxmPMrTDD98uhRmw OrlOVgQhX22mG3fbDBoG835NgT3zWT1tSVCNM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=7WjND0ct9WXfnmUwrPTBzmeuopYzO4yH6lk3AAONsNw=; b=PIxBtIJvA1SzWrLJhbfoQm0BSkVmIxw/+yq1K7ABbGqnrH2LJHiAFEOqVGw+79yysO LeRynpo+RuxI/FL1Bgdd6FCFsCB5i0fv7MipP8SdQecZUqrVCvAsOnwrJvKadhdwFvBJ +rdNaUzZAGymGoHHXsAPFMjX2WmMeD7cExYbdeeWq3X3SPGYuT1eOLxPUUn8dqw13x8T JKXmVNNOg2Eb2zQKlH1HUNCcuYvvnBpPEvMp5G3RK/sOBGYq2oX2JLrxsoFuLYBnF0gD Fpp+Qxsju+hw5QP/s+CDpokO6EKswRpEuLoOqcWx9m7FpqiJl/wB8bE8hCy43i09s7Ks QdGA== X-Gm-Message-State: AGi0Puaoa17/JtLIfKguP/1g4F7KTBzBTRPEgyjQeuRyh0aAAW/mLEGj agUcW136wuqcfi/a1OgYkIETqUbfdco= X-Received: by 2002:a62:2783:: with SMTP id n125mr17816801pfn.133.1586768266373; Mon, 13 Apr 2020 01:57:46 -0700 (PDT) Received: from localhost ([124.19.8.131]) by smtp.gmail.com with ESMTPSA id a2sm315136pgk.90.2020.04.13.01.57.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Apr 2020 01:57:45 -0700 (PDT) From: daurnimator Cc: quae@daurnimator.com, Alexander Viro , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] fs: only pass valid chmod mode_t bits to security_path_chmod Date: Mon, 13 Apr 2020 18:56:45 +1000 Message-Id: <20200413085645.135829-1-quae@daurnimator.com> X-Mailer: git-send-email 2.26.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit To: unlisted-recipients:; (no To-header on input) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org chmod only pays attention to some of the flags in umode_t, don't pass on irrelevant flags to security_path_chmod. Signed-off-by: daurnimator --- fs/open.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/open.c b/fs/open.c index b69d6eed67e6..a2d8bee88a3c 100644 --- a/fs/open.c +++ b/fs/open.c @@ -551,12 +551,13 @@ static int chmod_common(const struct path *path, umode_t mode) error = mnt_want_write(path->mnt); if (error) return error; + mode &= S_IALLUGO; retry_deleg: inode_lock(inode); error = security_path_chmod(path, mode); if (error) goto out_unlock; - newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); + newattrs.ia_mode = mode | (inode->i_mode & ~S_IALLUGO); newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; error = notify_change(path->dentry, &newattrs, &delegated_inode); out_unlock: -- 2.26.0