diff options
author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-08 15:02:55 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-08 15:02:55 -0400 |
commit | 1e5de2837c166535f9bb4232bfe97ea1f9fc7a1c (patch) | |
tree | 333a9686bbebefd85e1854f1b234a0fc0f75d77b | |
parent | 4e99325b462ba18075768582621af74a6b79d2a5 (diff) |
Fix permission checking for the new utimensat() system call
Commit 1c710c896eb461895d3c399e15bb5f20b39c9073 added the utimensat()
system call, but didn't handle the case of checking for the writability
of the target right, when the target was a file descriptor, not a
filename.
We cannot use vfs_permission(MAY_WRITE) for that case, and need to
simply check whether the file descriptor is writable. The oops from
using the wrong function was noticed and narrowed down by Markus
Trippelsdorf.
Cc: Ulrich Drepper <drepper@redhat.com>
Cc: Markus Trippelsdorf <markus@trippelsdorf.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Al Viro <viro@ftp.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/utimes.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/fs/utimes.c b/fs/utimes.c index 480f7c8c29d..b3c88952465 100644 --- a/fs/utimes.c +++ b/fs/utimes.c | |||
@@ -106,9 +106,16 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags | |||
106 | if (IS_IMMUTABLE(inode)) | 106 | if (IS_IMMUTABLE(inode)) |
107 | goto dput_and_out; | 107 | goto dput_and_out; |
108 | 108 | ||
109 | if (current->fsuid != inode->i_uid && | 109 | if (current->fsuid != inode->i_uid) { |
110 | (error = vfs_permission(&nd, MAY_WRITE)) != 0) | 110 | if (f) { |
111 | goto dput_and_out; | 111 | if (!(f->f_mode & FMODE_WRITE)) |
112 | goto dput_and_out; | ||
113 | } else { | ||
114 | error = vfs_permission(&nd, MAY_WRITE); | ||
115 | if (error) | ||
116 | goto dput_and_out; | ||
117 | } | ||
118 | } | ||
112 | } | 119 | } |
113 | mutex_lock(&inode->i_mutex); | 120 | mutex_lock(&inode->i_mutex); |
114 | error = notify_change(dentry, &newattrs); | 121 | error = notify_change(dentry, &newattrs); |