Commit 1e5de283 authored by Linus Torvalds's avatar Linus Torvalds

Fix permission checking for the new utimensat() system call

Commit 1c710c89 added the utimensat()
system call, but didn't handle the case of checking for the writability
of the target right, when the target was a file descriptor, not a
filename.

We cannot use vfs_permission(MAY_WRITE) for that case, and need to
simply check whether the file descriptor is writable.  The oops from
using the wrong function was noticed and narrowed down by Markus
Trippelsdorf.

Cc: Ulrich Drepper <drepper@redhat.com>
Cc: Markus Trippelsdorf <markus@trippelsdorf.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Acked-by: default avatarAl Viro <viro@ftp.linux.org.uk>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 4e99325b
...@@ -106,9 +106,16 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags ...@@ -106,9 +106,16 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
if (IS_IMMUTABLE(inode)) if (IS_IMMUTABLE(inode))
goto dput_and_out; goto dput_and_out;
if (current->fsuid != inode->i_uid && if (current->fsuid != inode->i_uid) {
(error = vfs_permission(&nd, MAY_WRITE)) != 0) if (f) {
goto dput_and_out; if (!(f->f_mode & FMODE_WRITE))
goto dput_and_out;
} else {
error = vfs_permission(&nd, MAY_WRITE);
if (error)
goto dput_and_out;
}
}
} }
mutex_lock(&inode->i_mutex); mutex_lock(&inode->i_mutex);
error = notify_change(dentry, &newattrs); error = notify_change(dentry, &newattrs);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment