Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1759778AbYFCW0x (ORCPT ); Tue, 3 Jun 2008 18:26:53 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1758818AbYFCWZz (ORCPT ); Tue, 3 Jun 2008 18:25:55 -0400 Received: from mu-out-0910.google.com ([209.85.134.189]:19831 "EHLO mu-out-0910.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758804AbYFCWZx (ORCPT ); Tue, 3 Jun 2008 18:25:53 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:user-agent:mime-version:to:subject:content-type:content-transfer-encoding:from; b=Yq5x7+ekKiN5XMA14uduWjTjLQZUhYBencdwTE9PXIZVu8vSssXOOqgrsnSfNl3uZcqcq5C2bjk4eUZLDVoBdMi+zgEpjAmJWWGtOchd0Un6MjSgDC1josrwBcOlZuLdqqdPIR3oYh2fCfFuC5dddUe5SrQ26sRxhclpHyVF8yY= Message-ID: <4845C4D2.8050408@gmail.com> Date: Wed, 04 Jun 2008 00:25:22 +0200 User-Agent: Thunderbird 2.0.0.6 (X11/20070801) MIME-Version: 1.0 To: Andrew Morton , lkml , Christoph Hellwig , Miklos Szeredi , Al Viro , jamie@shareable.org, Ulrich Drepper , linux-fsdevel@vger.kernel.org, Subrata Modak Subject: [parch 4/4] vfs: utimensat(): fix write access check for futimens() Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit From: Michael Kerrisk Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2179 Lines: 56 The POSIX.1 draft spec for futimens()/utimensat() says: Only a process with the effective user ID equal to the user ID of the file, *or with write access to the file*, or with appropriate privileges may use futimens() or utimensat() with a null pointer as the times argument or with both tv_nsec fields set to the special value UTIME_NOW. The important piece here is "with write access to the file", and this matters for futimens(), which deals with an argument that is a file descriptor referring to the file whose timestamps are being updated, The standard is saying that the "writability" check is based on the file permissions, not the access mode with which the file is opened. (This behavior is consistent with the semantics of FreeBSD's futimes().) However, Linux is currently doing the latter -- futimens(fd, times) is a library function implemented as utimensat(fd, NULL, times, 0) and within the utimensat() implementation we have the code: f = fget(dfd); // dfd is 'fd' ... if (f) { if (!(f->f_mode & FMODE_WRITE)) goto mnt_drop_write_and_out; The check should instead be based on the file permissions. Thanks to Miklos for pointing out how to do this check. CC: Miklos Szeredi CC: Al Viro CC: Ulrich Drepper Signed-off-by: Michael Kerrisk --- linux-2.6.26-rc4/fs/utimes.c 2008-06-03 23:13:31.000000000 +0200 +++ linux-2.6.26-rc4-utimensat-fix-v4/fs/utimes.c 2008-06-03 23:15:12.000000000 +0200 @@ -137,7 +137,8 @@ if (!is_owner_or_cap(inode)) { if (f) { - if (!(f->f_mode & FMODE_WRITE)) + error = permission(inode, MAY_WRITE, NULL); + if (error) goto mnt_drop_write_and_out; } else { error = vfs_permission(&nd, MAY_WRITE); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/