aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ext4/ioctl.c
diff options
context:
space:
mode:
authorSatyam Sharma <ssatyam@cse.iitk.ac.in>2007-07-17 05:30:08 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-17 15:00:03 -0400
commit3bd858ab1c451725c07a805dcb315215dc85b86e (patch)
tree5d49c4300e350d64fd81eb3230b81f754117e0c1 /fs/ext4/ioctl.c
parent49c13b51a15f1ba9f6d47e26e4a3886c4f3931e2 (diff)
Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check
Introduce is_owner_or_cap() macro in fs.h, and convert over relevant users to it. This is done because we want to avoid bugs in the future where we check for only effective fsuid of the current task against a file's owning uid, without simultaneously checking for CAP_FOWNER as well, thus violating its semantics. [ XFS uses special macros and structures, and in general looked ... untouchable, so we leave it alone -- but it has been looked over. ] The (current->fsuid != inode->i_uid) check in generic_permission() and exec_permission_lite() is left alone, because those operations are covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations falling under the purview of CAP_CHOWN and CAP_LEASE are also left alone. Signed-off-by: Satyam Sharma <ssatyam@cse.iitk.ac.in> Cc: Al Viro <viro@ftp.linux.org.uk> Acked-by: Serge E. Hallyn <serge@hallyn.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ext4/ioctl.c')
-rw-r--r--fs/ext4/ioctl.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index 500567dd53b6..7b4aa4543c83 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -40,7 +40,7 @@ int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
40 if (IS_RDONLY(inode)) 40 if (IS_RDONLY(inode))
41 return -EROFS; 41 return -EROFS;
42 42
43 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 43 if (!is_owner_or_cap(inode))
44 return -EACCES; 44 return -EACCES;
45 45
46 if (get_user(flags, (int __user *) arg)) 46 if (get_user(flags, (int __user *) arg))
@@ -121,7 +121,7 @@ flags_err:
121 __u32 generation; 121 __u32 generation;
122 int err; 122 int err;
123 123
124 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 124 if (!is_owner_or_cap(inode))
125 return -EPERM; 125 return -EPERM;
126 if (IS_RDONLY(inode)) 126 if (IS_RDONLY(inode))
127 return -EROFS; 127 return -EROFS;
@@ -180,7 +180,7 @@ flags_err:
180 if (IS_RDONLY(inode)) 180 if (IS_RDONLY(inode))
181 return -EROFS; 181 return -EROFS;
182 182
183 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) 183 if (!is_owner_or_cap(inode))
184 return -EACCES; 184 return -EACCES;
185 185
186 if (get_user(rsv_window_size, (int __user *)arg)) 186 if (get_user(rsv_window_size, (int __user *)arg))