Re: [PATCH] utimensat() non-conformances and fixes [v3]
From: Michael Kerrisk <hidden>
Date: 2008-06-03 11:05:31
Also in:
linux-fsdevel, lkml
From: Michael Kerrisk <hidden>
Date: 2008-06-03 11:05:31
Also in:
linux-fsdevel, lkml
Hi Miklos,
2) I've found yet another divergence from the spec -- but this
was in the original implementation, rather than being
something that has been introduced. In do_futimes() there is
if (!times && !(file->f_mode & FMODE_WRITE))
write_error = -EACCES;
However, the check here should not be against the f_mode (file access
mode), but the against actual permission of the file referred to by
the underlying descriptor. This means that for the do_futimes() +
times==NULL case, a set-user-ID root program could open a file
descriptor O_RDWR/O_WRONLY for which the real UID does not have write
access, and then even after reverting the the effective UID, the real
user could still update file.
I'm not sure of the correct way to get the required nameidata (to do a
vfs_permission() call) from the file descriptor. Can you give me a
tip there?Could you point me at the right way of doing this? Cheers, Michael