Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753114AbWKCE5i (ORCPT ); Thu, 2 Nov 2006 23:57:38 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753115AbWKCE5i (ORCPT ); Thu, 2 Nov 2006 23:57:38 -0500 Received: from omx2-ext.sgi.com ([192.48.171.19]:36499 "EHLO omx2.sgi.com") by vger.kernel.org with ESMTP id S1753114AbWKCE5h (ORCPT ); Thu, 2 Nov 2006 23:57:37 -0500 Date: Fri, 03 Nov 2006 14:57:33 +1000 From: Timothy Shimmin To: Andreas Gruenbacher cc: linux-kernel@vger.kernel.org, Gerard Neil , Dave Kleikamp , Linus Torvalds , Andrew Morton Subject: Re: [PATCH] Fix user.* xattr permission check for sticky dirs Message-ID: In-Reply-To: <200611022251.21816.agruen@suse.de> References: <200611021724.02886.agruen@suse.de> <20061102112741.e1bb88c9.akpm@osdl.org> <200611022251.21816.agruen@suse.de> X-Mailer: Mulberry/4.0.6 (Mac OS X) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1767 Lines: 45 Hi Andreas, --On 2 November 2006 10:51:21 PM +0100 Andreas Gruenbacher wrote: > On Thursday 02 November 2006 20:27, Andrew Morton wrote: >> On Thu, 2 Nov 2006 17:24:02 +0100 >> >> Andreas Gruenbacher wrote: >> > The user.* extended attributes are only allowed on regular files and >> > directories. Sticky directories further restrict write access to the >> > owner and privileged users. (See the attr(5) man page for an >> > explanation.) >> > >> > The original check in ext2/ext3 when user.* xattrs were merged was more >> > restrictive than intended, and when the xattr permission checks were >> > moved into the VFS, read access to user.* attributes on sticky directores >> > ended up being denied in addition. >> >> Am struggling to understand the impact of this. I assume this problem was >> introduced on Jan 9 by e0ad7b073eb7317e5afe0385b02dcb1d52a1eedf "move xattr >> permission checks into the VFS"? > > Commits e0ad7b073eb7317e5afe0385b02dcb1d52a1eedf and > c37ef806a3e1c0bca65fd03b7590d56d19625da4 move the following check from > ext3_xattr_user_set() to xattr_permission(), which is used in vfs_getxattr() > as well as xfs_setxattr() and vfs_removexattr(), > so this added the check to > the xfs_getxattr() path by accident: > > [] if (!S_ISREG(inode->i_mode) && > [] (!S_ISDIR(inode->i_mode) || inode->i_mode & S_ISVTX)) > [] return -EPERM; > > Now, I'm a bit confused. xfs_getxattr? I see the "correct" version of the test in xfs_attr.c/attr_user_capable(). --Tim - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/