[PATCH] RAMFS NOMMU: missed POSIX UID/GID inode attribute checking

Post by Bryan W » Wed, 06 Jun 2007 12:10:14


From: Bryan Wu < XXXX@XXXXX.COM >

This bug was caught by LTP testcase fchmod06 on Blackfin platform.

In the manpage of fchmod, "EPERM: The effective UID does not match the
owner of the file, and the process is not privileged (Linux: it does not
have the CAP_FOWNER capability)."

But the ramfs nommu code missed the inode_change_ok POSIX UID/GID
verification. This patch fixed this.

Signed-off-by: Bryan Wu < XXXX@XXXXX.COM >
Cc: David Howells < XXXX@XXXXX.COM >
---
fs/ramfs/file-nommu.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/fs/ramfs/file-nommu.c b/fs/ramfs/file-nommu.c
index 9345a46..5d258c4 100644
--- a/fs/ramfs/file-nommu.c
+++ b/fs/ramfs/file-nommu.c
@@ -195,6 +195,11 @@ static int ramfs_nommu_setattr(struct dentry *dentry, struct iattr *ia)
unsigned int old_ia_valid = ia->ia_valid;
int ret = 0;

+ /* POSIX UID/GID verification for setting inode attributes */
+ ret = inode_change_ok(inode, ia);
+ if (ret)
+ return ret;
+
/* by providing our own setattr() method, we skip this quotaism */
if ((old_ia_valid & ATTR_UID && ia->ia_uid != inode->i_uid) ||
(old_ia_valid & ATTR_GID && ia->ia_gid != inode->i_gid))
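
Review bot: the added comment at the top of ramfs_nommu_setattr() calls this "POSIX UID/GID verification", but the failing case in the commit message is fchmod by a non-owner, which is a mode change rather than a UID/GID change, so the comment undersells what the inode_change_ok() call is gating. Wording such as "check that the caller is permitted to make these attribute changes" would match the fix better. Placing the check ahead of the rest of the function is right, since the early return leaves nothing to unwind. With ret now assigned unconditionally from inode_change_ok(), the "int ret = 0;" initialiser in the context line above becomes redundant and could be dropped.
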
--
1.5.2

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to XXXX@XXXXX.COM
More majordomo info at http://www.yqcomputer.com/
Please read the FAQ at http://www.yqcomputer.com/
 
 
 

2. [PATCH 3/5] NOMMU: Fix execution off of ramfs with mmap() [try #2]

From: David Howells < XXXX@XXXXX.COM >

Fix execution through the FDPIC binfmt of programs stored on ramfs by
preventing the ramfs mmap() returning successfully on a private mapping of a
ramfs file. This causes NOMMU mmap to make a copy of the mapped portion of the
file and map that instead.

This could be improved by granting direct mapping access to read-only private
mappings for which the data is stored on a contiguous run of pages. However,
this is only likely to be the case if the file was extended with truncate
before being written.

ramfs is left to map the file directly for shared mappings so that SYSV IPC
and POSIX shared memory both still work.

Signed-Off-By: David Howells < XXXX@XXXXX.COM >
---

fs/ramfs/file-nommu.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ramfs/file-nommu.c b/fs/ramfs/file-nommu.c
index 99fffc9..677139b 100644
--- a/fs/ramfs/file-nommu.c
+++ b/fs/ramfs/file-nommu.c
@@ -283,9 +283,9 @@ unsigned long ramfs_nommu_get_unmapped_a

/*****************************************************************************/
/*
- * set up a mapping
+ * set up a mapping for shared memory segments
*/
int ramfs_nommu_mmap(struct file *file, struct vm_area_struct *vma)
{
- return 0;
+ return vma->vm_flags & VM_SHARED ? 0 : -ENOSYS;
}
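
Review bot: the updated comment above ramfs_nommu_mmap() says only "set up a mapping for shared memory segments" and does not record that private mappings are now refused with -ENOSYS on purpose, so that NOMMU mmap copies the mapped portion of the file instead, as the commit message explains. A sentence to that effect in the comment would keep a later reader from treating the -ENOSYS branch as an unimplemented path and "fixing" it. The return expression is correct as written, but parenthesising it as "(vma->vm_flags & VM_SHARED) ? 0 : -ENOSYS" would make the precedence obvious at a glance.
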