authorJan Kara <jack@suse.cz>2016-12-14 13:24:48 +0100
committerSasha Levin <alexander.levin@verizon.com>2016-12-23 08:56:35 -0500
commitcb8e1eef351b640cfdb1a753ef44494fbf59186d (patch)
tree0082747a79745f6c1b525077d21f796de21692d0 /fs/attr.c
parent2ee3ceeccd34c3fe589506c0fd822a8773a828bf (diff)
fs: Give dentry to inode_change_ok() instead of inode
[ Upstream commit 31051c85b5e2aaaf6315f74c72a732673632a905 ] inode_change_ok() will be responsible for clearing capabilities and IMA extended attributes and as such will need dentry. Give it as an argument to inode_change_ok() instead of an inode. Also rename inode_change_ok() to setattr_prepare() to better reflect that it also does some modifications in addition to checks. References: CVE-2015-1350 Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Philipp Hahn <hahn@univention.de> Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Diffstat (limited to 'fs/attr.c')
-rw-r--r--fs/attr.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/fs/attr.c b/fs/attr.c
index 6530ced19697..85cae17db784 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -17,19 +17,22 @@
#include <linux/ima.h>
/**
- * inode_change_ok - check if attribute changes to an inode are allowed
- * @inode: inode to check
+ * setattr_prepare - check if attribute changes to a dentry are allowed
+ * @dentry: dentry to check
* @attr: attributes to change
*
* Check if we are allowed to change the attributes contained in @attr
- * in the given inode. This includes the normal unix access permission
- * checks, as well as checks for rlimits and others.
+ * in the given dentry. This includes the normal unix access permission
+ * checks, as well as checks for rlimits and others. The function also clears
+ * SGID bit from mode if user is not allowed to set it. Also file capabilities
+ * and IMA extended attributes are cleared if ATTR_KILL_PRIV is set.
*
* Should be called as the first thing in ->setattr implementations,
* possibly after taking additional locks.
*/
-int inode_change_ok(const struct inode *inode, struct iattr *attr)
+int setattr_prepare(struct dentry *dentry, struct iattr *attr)
{
+ struct inode *inode = d_inode(dentry);
unsigned int ia_valid = attr->ia_valid;
/*
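Review bot: The kernel-doc added above setattr_prepare() states that file capabilities and IMA extended attributes are cleared when ATTR_KILL_PRIV is set, but the only code change visible in this hunk is the `struct inode *inode = d_inode(dentry);` lookup, and the commit description says the function "will be" responsible for that clearing. The function body continues outside the hunk, so this cannot be confirmed from here. If the clearing only arrives in a later patch, the comment should not promise it yet, because a filesystem author reading it may assume privileges have already been dropped once the call returns. Since the function now modifies state as well as checking, I would also spell out the return contract in the comment, for example ` * Return: 0 if the change is permitted, negative errno otherwise.`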
@@ -79,7 +82,7 @@ int inode_change_ok(const struct inode *inode, struct iattr *attr)
return 0;
}
-EXPORT_SYMBOL(inode_change_ok);
+EXPORT_SYMBOL(setattr_prepare);
/**
* inode_newsize_ok - may this inode be truncated to a given size