Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp48856pxk; Tue, 15 Sep 2020 17:25:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwgAACWFWZ/clYRHZXnUmejeMlu1EJSUZ9ox3e+5lcq0cOs1UxZ5upn3jNoBcNkUNNjcCFM X-Received: by 2002:a50:c8cd:: with SMTP id k13mr25290607edh.387.1600215956868; Tue, 15 Sep 2020 17:25:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600215956; cv=none; d=google.com; s=arc-20160816; b=UYouvX8XMkYD4DKk7SWcakbslx+dp52QpsRU1oBJ4T/QsPIVEzzizllFw/M0T4j784 Aa8xQpek4LEN3bX/d7TZFzkoJPbWCmNP4SSqKJz7GPVXCuXP55xLUhksg8XyMGRwHgyK QowFS1dWs1rRHodwvbyA2MbcHBzRTCjvUAYoJgcqFApjH0ABS8YGGzJpzeTdrsfNvWRj ohG6zvr+kGOnDitVRmzqq04KTBwawCtF9fdBQ5KNzeMm0++3Ab37HiW/Bc8J91aFuEj0 vCCamUMW2LABBsfNKtx0zubOkTazA85VCAUYiJex4SCoqgdZRTzXoU+6f3Yr/bxxhlBI 2KTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=5pvcht25WXDPQ0svjTqvEQneziFwk3s6ItV6xqU/uOU=; b=F1ivR9bW6UbwBmyL3A7oB+9728b4POIWZVMbLi+LEbiMBMzvlkvBGMn1cUcrzyjbFy 5UqtaRpB8nmfeLReXpZuu/BAcwuUSCBmC+eKL1NBVDDTeMbkwNkLMFcjSzx5JeG6TKdd yt8za51dXvPhX024oC9XhijLY2J45wjn4VpEA3wp7WC1+P8Vrwgho2Dfomc5QYNMgTOw DHj9XkO4Jr+mg7Pkxb3N3XPyTegT1DrLBsWNrKlSWqOyBxD83HXSoZA7tZbLGSI1jL0R i3XhuVD9ZcNrwHvkz5A0qL2Gg3cjOVBfaaiNXeqyAOoffmkp9R2V09uJGSZgWZZSLoEi Crow== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x26si10433877edi.79.2020.09.15.17.25.34; Tue, 15 Sep 2020 17:25:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727150AbgIPAXH (ORCPT + 99 others); Tue, 15 Sep 2020 20:23:07 -0400 Received: from brightrain.aerifal.cx ([216.12.86.13]:53988 "EHLO brightrain.aerifal.cx" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727313AbgIPAWz (ORCPT ); Tue, 15 Sep 2020 20:22:55 -0400 Date: Tue, 15 Sep 2020 20:22:54 -0400 From: Rich Felker To: linux-api@vger.kernel.org Cc: Alexander Viro , Christoph Hellwig , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 1/2] vfs: block chmod of symlinks Message-ID: <20200916002253.GP3265@brightrain.aerifal.cx> References: <20200916002157.GO3265@brightrain.aerifal.cx> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200916002157.GO3265@brightrain.aerifal.cx> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org It was discovered while implementing userspace emulation of fchmodat AT_SYMLINK_NOFOLLOW (using O_PATH and procfs magic symlinks; otherwise it's not possible to target symlinks with chmod operations) that some filesystems erroneously allow access mode of symlinks to be changed, but return failure with EOPNOTSUPP (see glibc issue #14578 and commit a492b1e5ef). This inconsistency is non-conforming and wrong, and the consensus seems to be that it was unintentional to allow link modes to be changed in the first place. Signed-off-by: Rich Felker --- fs/open.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/open.c b/fs/open.c index 9af548fb841b..cdb7964aaa6e 100644 --- a/fs/open.c +++ b/fs/open.c @@ -570,6 +570,12 @@ int chmod_common(const struct path *path, umode_t mode) struct iattr newattrs; int error; + /* Block chmod from getting to fs layer. Ideally the fs would either + * allow it or fail with EOPNOTSUPP, but some are buggy and return + * an error but change the mode, which is non-conforming and wrong. */ + if (S_ISLNK(inode->i_mode)) + return -EOPNOTSUPP; + error = mnt_want_write(path->mnt); if (error) return error; -- 2.21.0