aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorMiklos Szeredi <mszeredi@suse.cz>2008-07-01 09:01:26 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2008-07-26 20:53:25 -0400
commit9767d74957450da6365c363d69e3d02d605d7375 (patch)
tree913afe491d13b42b0cfcb540569080bba4725dfd /fs
parent88b387824fdaecb6ba0f471acf0aadf7d24739fd (diff)
[patch 1/4] vfs: utimes: move owner check into inode_change_ok()
Add a new ia_valid flag: ATTR_TIMES_SET, to handle the UTIMES_OMIT/UTIMES_NOW and UTIMES_NOW/UTIMES_OMIT cases. In these cases neither ATTR_MTIME_SET nor ATTR_ATIME_SET is in the flags, yet the POSIX draft specifies that permission checking is performed the same way as if one or both of the times was explicitly set to a timestamp. See the path "vfs: utimensat(): fix error checking for {UTIME_NOW,UTIME_OMIT} case" by Michael Kerrisk for the patch introducing this behavior. This is a cleanup, as well as allowing filesystems (NFS/fuse/...) to perform their own permission checking instead of the default. CC: Ulrich Drepper <drepper@redhat.com> CC: Michael Kerrisk <mtk.manpages@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r--fs/attr.c2
-rw-r--r--fs/utimes.c17
2 files changed, 5 insertions, 14 deletions
diff --git a/fs/attr.c b/fs/attr.c
index 966b73e25f82..765fc75fab3b 100644
--- a/fs/attr.c
+++ b/fs/attr.c
@@ -51,7 +51,7 @@ int inode_change_ok(struct inode *inode, struct iattr *attr)
51 } 51 }
52 52
53 /* Check for setting the inode time. */ 53 /* Check for setting the inode time. */
54 if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) { 54 if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) {
55 if (!is_owner_or_cap(inode)) 55 if (!is_owner_or_cap(inode))
56 goto error; 56 goto error;
57 } 57 }
diff --git a/fs/utimes.c b/fs/utimes.c
index b6b664e7145e..ecf8941ba34a 100644
--- a/fs/utimes.c
+++ b/fs/utimes.c
@@ -101,7 +101,6 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
101 times[1].tv_nsec == UTIME_NOW) 101 times[1].tv_nsec == UTIME_NOW)
102 times = NULL; 102 times = NULL;
103 103
104 /* In most cases, the checks are done in inode_change_ok() */
105 newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME; 104 newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
106 if (times) { 105 if (times) {
107 error = -EPERM; 106 error = -EPERM;
@@ -123,21 +122,13 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
123 newattrs.ia_mtime.tv_nsec = times[1].tv_nsec; 122 newattrs.ia_mtime.tv_nsec = times[1].tv_nsec;
124 newattrs.ia_valid |= ATTR_MTIME_SET; 123 newattrs.ia_valid |= ATTR_MTIME_SET;
125 } 124 }
126
127 /* 125 /*
128 * For the UTIME_OMIT/UTIME_NOW and UTIME_NOW/UTIME_OMIT 126 * Tell inode_change_ok(), that this is an explicit time
129 * cases, we need to make an extra check that is not done by 127 * update, even if neither ATTR_ATIME_SET nor ATTR_MTIME_SET
130 * inode_change_ok(). 128 * were used.
131 */ 129 */
132 if (((times[0].tv_nsec == UTIME_NOW && 130 newattrs.ia_valid |= ATTR_TIMES_SET;
133 times[1].tv_nsec == UTIME_OMIT)
134 ||
135 (times[0].tv_nsec == UTIME_OMIT &&
136 times[1].tv_nsec == UTIME_NOW))
137 && !is_owner_or_cap(inode))
138 goto mnt_drop_write_and_out;
139 } else { 131 } else {
140
141 /* 132 /*
142 * If times is NULL (or both times are UTIME_NOW), 133 * If times is NULL (or both times are UTIME_NOW),
143 * then we need to check permissions, because 134 * then we need to check permissions, because