diff options
| author | Andreas Gruenbacher <agruen@kernel.org> | 2011-05-27 08:50:36 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2011-05-27 09:43:00 -0400 |
| commit | 55b23bde19c08f14127a27d461a4e079942c7258 (patch) | |
| tree | 074f23a530c5bbaccce7068bf2947bf39b60ab16 /fs | |
| parent | aa38572954ade525817fe88c54faebf85e5a61c0 (diff) | |
xattr: Fix error results for non-existent / invisible attributes
Return -ENODATA when trying to read a user.* attribute which cannot
exist: user space otherwise does not have a reasonable way to
distinguish between non-existent and inaccessible attributes.
Likewise, return -ENODATA when an unprivileged process tries to read a
trusted.* attribute: to unprivileged processes, those attributes are
invisible (listxattr() won't include them).
Related to this bug report: https://bugzilla.redhat.com/660613
Signed-off-by: Andreas Gruenbacher <agruen@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/xattr.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/fs/xattr.c b/fs/xattr.c index f1ef94974dea..4be2e7666d02 100644 --- a/fs/xattr.c +++ b/fs/xattr.c | |||
| @@ -46,18 +46,22 @@ xattr_permission(struct inode *inode, const char *name, int mask) | |||
| 46 | return 0; | 46 | return 0; |
| 47 | 47 | ||
| 48 | /* | 48 | /* |
| 49 | * The trusted.* namespace can only be accessed by a privileged user. | 49 | * The trusted.* namespace can only be accessed by privileged users. |
| 50 | */ | 50 | */ |
| 51 | if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) | 51 | if (!strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN)) { |
| 52 | return (capable(CAP_SYS_ADMIN) ? 0 : -EPERM); | 52 | if (!capable(CAP_SYS_ADMIN)) |
| 53 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; | ||
| 54 | return 0; | ||
| 55 | } | ||
| 53 | 56 | ||
| 54 | /* In user.* namespace, only regular files and directories can have | 57 | /* |
| 58 | * In the user.* namespace, only regular files and directories can have | ||
| 55 | * extended attributes. For sticky directories, only the owner and | 59 | * extended attributes. For sticky directories, only the owner and |
| 56 | * privileged user can write attributes. | 60 | * privileged users can write attributes. |
| 57 | */ | 61 | */ |
| 58 | if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { | 62 | if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN)) { |
| 59 | if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) | 63 | if (!S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) |
| 60 | return -EPERM; | 64 | return (mask & MAY_WRITE) ? -EPERM : -ENODATA; |
| 61 | if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && | 65 | if (S_ISDIR(inode->i_mode) && (inode->i_mode & S_ISVTX) && |
| 62 | (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) | 66 | (mask & MAY_WRITE) && !inode_owner_or_capable(inode)) |
| 63 | return -EPERM; | 67 | return -EPERM; |