Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-12 23:23:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

[PATCH] Remove SUID when splicing into an inode

Browse Source 
Originally from Mark Fasheh <mark.fasheh@oracle.com>

generic_file_splice_write() does not remove S_ISUID or S_ISGID. This is
inconsistent with the way we generally write to files.

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
This commit is contained in:
Jens Axboe 2006-10-17 19:43:22 +02:00 committed by Jens Axboe
parent 01de85e057
commit 8c34e2d632
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
fs/splice.c
View File

@ -845,6 +845,10 @@ generic_file_splice_write_nolock(struct pipe_inode_info *pipe, struct file *out,
ssize_t ret; ssize_t ret;
int err; int err;
err = remove_suid(out->f_dentry);
if (unlikely(err))
return err;
ret = __splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file); ret = __splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
if (ret > 0) { if (ret > 0) {
*ppos += ret; *ppos += ret;
@ -883,12 +887,21 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
loff_t *ppos, size_t len, unsigned int flags) loff_t *ppos, size_t len, unsigned int flags)
{ {
struct address_space *mapping = out->f_mapping; struct address_space *mapping = out->f_mapping;
struct inode *inode = mapping->host;
ssize_t ret; ssize_t ret;
int err;
err = should_remove_suid(out->f_dentry);
if (unlikely(err)) {
mutex_lock(&inode->i_mutex);
err = __remove_suid(out->f_dentry, err);
mutex_unlock(&inode->i_mutex);
if (err)
return err;
}
ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file); ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
if (ret > 0) { if (ret > 0) {
struct inode *inode = mapping->host;
*ppos += ret; *ppos += ret;
/* /*
@ -896,8 +909,6 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
* sync it. * sync it.
*/ */
if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) { if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
int err;
mutex_lock(&inode->i_mutex); mutex_lock(&inode->i_mutex);
err = generic_osync_inode(inode, mapping, err = generic_osync_inode(inode, mapping,
OSYNC_METADATA|OSYNC_DATA); OSYNC_METADATA|OSYNC_DATA);