From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
Christoph Hellwig <hch@infradead.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: David Woodhouse <dwmw2@infradead.org>, linux-mtd@lists.infradead.org
Subject: [PATCH v3 3/7] jffs2: Add missing capability check for listing trusted xattrs
Date: Sun, 4 Oct 2015 19:18:50 +0200 [thread overview]
Message-ID: <1443979134-7279-4-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1443979134-7279-1-git-send-email-agruenba@redhat.com>
The vfs checks if a task has the appropriate access for get and set
operations, but it cannot do that for the list operation; the file system
must check for that itself.
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: linux-mtd@lists.infradead.org
---
fs/jffs2/xattr_trusted.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/jffs2/xattr_trusted.c b/fs/jffs2/xattr_trusted.c
index ceaf9c6..bbd20c1 100644
--- a/fs/jffs2/xattr_trusted.c
+++ b/fs/jffs2/xattr_trusted.c
@@ -39,6 +39,9 @@ static size_t jffs2_trusted_listxattr(struct dentry *dentry, char *list,
{
size_t retlen = XATTR_TRUSTED_PREFIX_LEN + name_len + 1;
+ if (!capable(CAP_SYS_ADMIN))
+ return 0;
+
if (list && retlen<=list_size) {
strcpy(list, XATTR_TRUSTED_PREFIX);
strcpy(list + XATTR_TRUSTED_PREFIX_LEN, name);
--
2.5.0
next prev parent reply other threads:[~2015-10-04 17:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-04 17:18 [PATCH v3 0/7] Pass xattr handler to xattr handler operations Andreas Gruenbacher
2015-10-04 17:18 ` [PATCH v3 1/7] ubifs: Remove unused security xattr handler Andreas Gruenbacher
2015-10-04 17:18 ` [PATCH v3 2/7] hfsplus: Remove unused xattr handler list operations Andreas Gruenbacher
2015-10-04 17:18 ` Andreas Gruenbacher [this message]
2015-10-04 17:18 ` [PATCH v3 4/7] xattr handlers: Pass handler to operations instead of flags Andreas Gruenbacher
2015-10-04 17:18 ` [PATCH v3 5/7] 9p: xattr simplifications Andreas Gruenbacher
2015-10-04 17:18 ` [PATCH v3 6/7] squashfs: " Andreas Gruenbacher
2015-10-04 17:18 ` [PATCH v3 7/7] f2fs: " Andreas Gruenbacher
2015-10-04 17:18 ` Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1443979134-7279-4-git-send-email-agruenba@redhat.com \
--to=agruenba@redhat.com \
--cc=dwmw2@infradead.org \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.