* [PATCH 1/1] Filter out erroneous POSIX ACLs
@ 2017-02-24 9:20 anton
2017-02-24 14:47 ` Burton, Ross
0 siblings, 1 reply; 3+ messages in thread
From: anton @ 2017-02-24 9:20 UTC (permalink / raw)
To: poky; +Cc: seebs
From: Anton Gerasimov <anton@advancedtelematic.com>
The difference between what we see in pseudo and what happens without
pseudo can be seen by typing:
mkdir setfattr-test
setfattr -n system.posix_acl_default -v 0x02000000 setfattr-test
getfattr -n system.posix_acl_default setfattr-test
Under some kernel configurations this difference leads to annoying
errors, e.g. directories copied with 'cp -a' get broken in a fancy way.
Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com>
---
ports/linux/xattr/pseudo_wrappers.c | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/ports/linux/xattr/pseudo_wrappers.c b/ports/linux/xattr/pseudo_wrappers.c
index 46bc053..31a6baf 100644
--- a/ports/linux/xattr/pseudo_wrappers.c
+++ b/ports/linux/xattr/pseudo_wrappers.c
@@ -64,7 +64,7 @@ posix_permissions(const acl_header *header, int entries, int *extra, int *mode)
if (le32(header->version) != 2) {
pseudo_diag("Fatal: ACL support no available for header version %d.\n",
le32(header->version));
- return 1;
+ return -1;
}
*mode = 0;
*extra = 0;
@@ -140,12 +140,27 @@ static int shared_setxattr(const char *path, int fd, const char *name, const voi
pseudo_debug(PDBGF_XATTR, "setxattr(%s [fd %d], %s => '%.*s')\n",
path ? path : "<no path>", fd, name, (int) size, (char *) value);
+ /* Filter out erroneous sizes for POSIX ACL
+ * see posix_acl_xattr_count in include/linux/posix_acl_xattr.h of Linux source code */
+ if (!strcmp(name, "system.posix_acl_access") || !strcmp(name, "system.posix_acl_default")) {
+ // ACL is corrupt, issue an error
+ if(size < sizeof(acl_header) || (size - sizeof(acl_header)) % sizeof(acl_entry) != 0) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ // ACL is empty, do nothing
+ if((size - sizeof(acl_header)) / sizeof(acl_entry) == 0) {
+ return 0;
+ }
+ }
/* this may be a plain chmod */
if (!strcmp(name, "system.posix_acl_access")) {
int extra;
int mode;
int entries = (size - sizeof(acl_header)) / sizeof(acl_entry);
- if (!posix_permissions(value, entries, &extra, &mode)) {
+ int res = posix_permissions(value, entries, &extra, &mode);
+ if (res == 0) {
pseudo_debug(PDBGF_XATTR, "posix_acl_access translated to mode %04o. Remaining attribute(s): %d.\n",
mode, extra);
buf.st_mode = mode;
@@ -164,8 +179,12 @@ static int shared_setxattr(const char *path, int fd, const char *name, const voi
if (!extra) {
return 0;
}
+ } else if (res == -1) {
+ errno = EOPNOTSUPP;
+ return -1;
}
}
+
if (!strcmp(name, "user.pseudo_data")) {
pseudo_debug(PDBGF_XATTR | PDBGF_XATTRDB, "user.pseudo_data xattribute does not get to go in database.\n");
return -1;
--
2.11.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] Filter out erroneous POSIX ACLs
2017-02-24 14:47 ` Burton, Ross
@ 2017-02-24 14:43 ` Anton Gerasimov
0 siblings, 0 replies; 3+ messages in thread
From: Anton Gerasimov @ 2017-02-24 14:43 UTC (permalink / raw)
To: Burton, Ross; +Cc: Seebs, Poky Project
[-- Attachment #1: Type: text/plain, Size: 4926 bytes --]
Hi Ross,
thanks, I'll resubmit to yocto.
Best,
Anton
On 02/24/2017 03:47 PM, Burton, Ross wrote:
> Hi Anton,
>
> Thanks for the patch, but this should go to the yocto@ list, not poky@.
>
> Also please ensure that the subject line has [pseudo] in so that Peter
> notices it!
>
> Ross
>
> On 24 February 2017 at 09:20, <anton@advancedtelematic.com
> <mailto:anton@advancedtelematic.com>> wrote:
>
> From: Anton Gerasimov <anton@advancedtelematic.com
> <mailto:anton@advancedtelematic.com>>
>
> The difference between what we see in pseudo and what happens without
> pseudo can be seen by typing:
>
> mkdir setfattr-test
> setfattr -n system.posix_acl_default -v 0x02000000 setfattr-test
> getfattr -n system.posix_acl_default setfattr-test
>
> Under some kernel configurations this difference leads to annoying
> errors, e.g. directories copied with 'cp -a' get broken in a fancy
> way.
>
> Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com
> <mailto:anton@advancedtelematic.com>>
> ---
> ports/linux/xattr/pseudo_wrappers.c | 23 +++++++++++++++++++++--
> 1 file changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/ports/linux/xattr/pseudo_wrappers.c
> b/ports/linux/xattr/pseudo_wrappers.c
> index 46bc053..31a6baf 100644
> --- a/ports/linux/xattr/pseudo_wrappers.c
> +++ b/ports/linux/xattr/pseudo_wrappers.c
> @@ -64,7 +64,7 @@ posix_permissions(const acl_header *header, int
> entries, int *extra, int *mode)
> if (le32(header->version) != 2) {
> pseudo_diag("Fatal: ACL support no available for
> header version %d.\n",
> le32(header->version));
> - return 1;
> + return -1;
> }
> *mode = 0;
> *extra = 0;
> @@ -140,12 +140,27 @@ static int shared_setxattr(const char *path,
> int fd, const char *name, const voi
> pseudo_debug(PDBGF_XATTR, "setxattr(%s [fd %d], %s =>
> '%.*s')\n",
> path ? path : "<no path>", fd, name, (int) size,
> (char *) value);
>
> + /* Filter out erroneous sizes for POSIX ACL
> + * see posix_acl_xattr_count in
> include/linux/posix_acl_xattr.h of Linux source code */
> + if (!strcmp(name, "system.posix_acl_access") ||
> !strcmp(name, "system.posix_acl_default")) {
> + // ACL is corrupt, issue an error
> + if(size < sizeof(acl_header) || (size -
> sizeof(acl_header)) % sizeof(acl_entry) != 0) {
> + errno = EINVAL;
> + return -1;
> + }
> +
> + // ACL is empty, do nothing
> + if((size - sizeof(acl_header)) / sizeof(acl_entry)
> == 0) {
> + return 0;
> + }
> + }
> /* this may be a plain chmod */
> if (!strcmp(name, "system.posix_acl_access")) {
> int extra;
> int mode;
> int entries = (size - sizeof(acl_header)) /
> sizeof(acl_entry);
> - if (!posix_permissions(value, entries, &extra,
> &mode)) {
> + int res = posix_permissions(value, entries,
> &extra, &mode);
> + if (res == 0) {
> pseudo_debug(PDBGF_XATTR,
> "posix_acl_access translated to mode %04o. Remaining attribute(s):
> %d.\n",
> mode, extra);
> buf.st_mode = mode;
> @@ -164,8 +179,12 @@ static int shared_setxattr(const char *path,
> int fd, const char *name, const voi
> if (!extra) {
> return 0;
> }
> + } else if (res == -1) {
> + errno = EOPNOTSUPP;
> + return -1;
> }
> }
> +
> if (!strcmp(name, "user.pseudo_data")) {
> pseudo_debug(PDBGF_XATTR | PDBGF_XATTRDB,
> "user.pseudo_data xattribute does not get to go in database.\n");
> return -1;
> --
> 2.11.1
>
> --
> _______________________________________________
> poky mailing list
> poky@yoctoproject.org <mailto:poky@yoctoproject.org>
> https://lists.yoctoproject.org/listinfo/poky
> <https://lists.yoctoproject.org/listinfo/poky>
>
>
--
Anton Gerasimov, ATS Advanced Telematic Systems GmbH
Kantstrasse 162, 10623 Berlin
Managing Directors: Dirk Pöschl, Armin G. Schmidt
Register Court: HRB 151501 B, Amtsgericht Charlottenburg
[-- Attachment #2: Type: text/html, Size: 7779 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 1/1] Filter out erroneous POSIX ACLs
2017-02-24 9:20 [PATCH 1/1] Filter out erroneous POSIX ACLs anton
@ 2017-02-24 14:47 ` Burton, Ross
2017-02-24 14:43 ` Anton Gerasimov
0 siblings, 1 reply; 3+ messages in thread
From: Burton, Ross @ 2017-02-24 14:47 UTC (permalink / raw)
To: anton; +Cc: Seebs, Poky Project
[-- Attachment #1: Type: text/plain, Size: 3997 bytes --]
Hi Anton,
Thanks for the patch, but this should go to the yocto@ list, not poky@.
Also please ensure that the subject line has [pseudo] in so that Peter
notices it!
Ross
On 24 February 2017 at 09:20, <anton@advancedtelematic.com> wrote:
> From: Anton Gerasimov <anton@advancedtelematic.com>
>
> The difference between what we see in pseudo and what happens without
> pseudo can be seen by typing:
>
> mkdir setfattr-test
> setfattr -n system.posix_acl_default -v 0x02000000 setfattr-test
> getfattr -n system.posix_acl_default setfattr-test
>
> Under some kernel configurations this difference leads to annoying
> errors, e.g. directories copied with 'cp -a' get broken in a fancy way.
>
> Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com>
> ---
> ports/linux/xattr/pseudo_wrappers.c | 23 +++++++++++++++++++++--
> 1 file changed, 21 insertions(+), 2 deletions(-)
>
> diff --git a/ports/linux/xattr/pseudo_wrappers.c
> b/ports/linux/xattr/pseudo_wrappers.c
> index 46bc053..31a6baf 100644
> --- a/ports/linux/xattr/pseudo_wrappers.c
> +++ b/ports/linux/xattr/pseudo_wrappers.c
> @@ -64,7 +64,7 @@ posix_permissions(const acl_header *header, int entries,
> int *extra, int *mode)
> if (le32(header->version) != 2) {
> pseudo_diag("Fatal: ACL support no available for header
> version %d.\n",
> le32(header->version));
> - return 1;
> + return -1;
> }
> *mode = 0;
> *extra = 0;
> @@ -140,12 +140,27 @@ static int shared_setxattr(const char *path, int fd,
> const char *name, const voi
> pseudo_debug(PDBGF_XATTR, "setxattr(%s [fd %d], %s => '%.*s')\n",
> path ? path : "<no path>", fd, name, (int) size, (char *)
> value);
>
> + /* Filter out erroneous sizes for POSIX ACL
> + * see posix_acl_xattr_count in include/linux/posix_acl_xattr.h
> of Linux source code */
> + if (!strcmp(name, "system.posix_acl_access") || !strcmp(name,
> "system.posix_acl_default")) {
> + // ACL is corrupt, issue an error
> + if(size < sizeof(acl_header) || (size -
> sizeof(acl_header)) % sizeof(acl_entry) != 0) {
> + errno = EINVAL;
> + return -1;
> + }
> +
> + // ACL is empty, do nothing
> + if((size - sizeof(acl_header)) / sizeof(acl_entry) == 0) {
> + return 0;
> + }
> + }
> /* this may be a plain chmod */
> if (!strcmp(name, "system.posix_acl_access")) {
> int extra;
> int mode;
> int entries = (size - sizeof(acl_header)) /
> sizeof(acl_entry);
> - if (!posix_permissions(value, entries, &extra, &mode)) {
> + int res = posix_permissions(value, entries, &extra, &mode);
> + if (res == 0) {
> pseudo_debug(PDBGF_XATTR, "posix_acl_access
> translated to mode %04o. Remaining attribute(s): %d.\n",
> mode, extra);
> buf.st_mode = mode;
> @@ -164,8 +179,12 @@ static int shared_setxattr(const char *path, int fd,
> const char *name, const voi
> if (!extra) {
> return 0;
> }
> + } else if (res == -1) {
> + errno = EOPNOTSUPP;
> + return -1;
> }
> }
> +
> if (!strcmp(name, "user.pseudo_data")) {
> pseudo_debug(PDBGF_XATTR | PDBGF_XATTRDB,
> "user.pseudo_data xattribute does not get to go in database.\n");
> return -1;
> --
> 2.11.1
>
> --
> _______________________________________________
> poky mailing list
> poky@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/poky
>
[-- Attachment #2: Type: text/html, Size: 5344 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-02-24 14:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-24 9:20 [PATCH 1/1] Filter out erroneous POSIX ACLs anton
2017-02-24 14:47 ` Burton, Ross
2017-02-24 14:43 ` Anton Gerasimov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.