[patch 1/4] vfs: utimes: move owner check into inode_change_ok()

Add a new ia_valid flag: ATTR_TIMES_SET, to handle the
UTIMES_OMIT/UTIMES_NOW and UTIMES_NOW/UTIMES_OMIT cases.  In these
cases neither ATTR_MTIME_SET nor ATTR_ATIME_SET is in the flags, yet
the POSIX draft specifies that permission checking is performed the
same way as if one or both of the times was explicitly set to a
timestamp.

See the path "vfs: utimensat(): fix error checking for
{UTIME_NOW,UTIME_OMIT} case" by Michael Kerrisk for the patch
introducing this behavior.

This is a cleanup, as well as allowing filesystems (NFS/fuse/...) to
perform their own permission checking instead of the default.

CC: Ulrich Drepper <drepper@redhat.com>
CC: Michael Kerrisk <mtk.manpages@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Miklos Szeredi 2008-07-01 15:01:26 +02:00 committed by Al Viro
parent 88b387824f
commit 9767d74957
3 changed files with 22 additions and 30 deletions

View File

@ -51,7 +51,7 @@ int inode_change_ok(struct inode *inode, struct iattr *attr)
} }
/* Check for setting the inode time. */ /* Check for setting the inode time. */
if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET)) { if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) {
if (!is_owner_or_cap(inode)) if (!is_owner_or_cap(inode))
goto error; goto error;
} }

View File

@ -101,7 +101,6 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
times[1].tv_nsec == UTIME_NOW) times[1].tv_nsec == UTIME_NOW)
times = NULL; times = NULL;
/* In most cases, the checks are done in inode_change_ok() */
newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME; newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
if (times) { if (times) {
error = -EPERM; error = -EPERM;
@ -123,21 +122,13 @@ long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags
newattrs.ia_mtime.tv_nsec = times[1].tv_nsec; newattrs.ia_mtime.tv_nsec = times[1].tv_nsec;
newattrs.ia_valid |= ATTR_MTIME_SET; newattrs.ia_valid |= ATTR_MTIME_SET;
} }
/* /*
* For the UTIME_OMIT/UTIME_NOW and UTIME_NOW/UTIME_OMIT * Tell inode_change_ok(), that this is an explicit time
* cases, we need to make an extra check that is not done by * update, even if neither ATTR_ATIME_SET nor ATTR_MTIME_SET
* inode_change_ok(). * were used.
*/ */
if (((times[0].tv_nsec == UTIME_NOW && newattrs.ia_valid |= ATTR_TIMES_SET;
times[1].tv_nsec == UTIME_OMIT)
||
(times[0].tv_nsec == UTIME_OMIT &&
times[1].tv_nsec == UTIME_NOW))
&& !is_owner_or_cap(inode))
goto mnt_drop_write_and_out;
} else { } else {
/* /*
* If times is NULL (or both times are UTIME_NOW), * If times is NULL (or both times are UTIME_NOW),
* then we need to check permissions, because * then we need to check permissions, because

View File

@ -320,22 +320,23 @@ typedef void (dio_iodone_t)(struct kiocb *iocb, loff_t offset,
* Attribute flags. These should be or-ed together to figure out what * Attribute flags. These should be or-ed together to figure out what
* has been changed! * has been changed!
*/ */
#define ATTR_MODE 1 #define ATTR_MODE (1 << 0)
#define ATTR_UID 2 #define ATTR_UID (1 << 1)
#define ATTR_GID 4 #define ATTR_GID (1 << 2)
#define ATTR_SIZE 8 #define ATTR_SIZE (1 << 3)
#define ATTR_ATIME 16 #define ATTR_ATIME (1 << 4)
#define ATTR_MTIME 32 #define ATTR_MTIME (1 << 5)
#define ATTR_CTIME 64 #define ATTR_CTIME (1 << 6)
#define ATTR_ATIME_SET 128 #define ATTR_ATIME_SET (1 << 7)
#define ATTR_MTIME_SET 256 #define ATTR_MTIME_SET (1 << 8)
#define ATTR_FORCE 512 /* Not a change, but a change it */ #define ATTR_FORCE (1 << 9) /* Not a change, but a change it */
#define ATTR_ATTR_FLAG 1024 #define ATTR_ATTR_FLAG (1 << 10)
#define ATTR_KILL_SUID 2048 #define ATTR_KILL_SUID (1 << 11)
#define ATTR_KILL_SGID 4096 #define ATTR_KILL_SGID (1 << 12)
#define ATTR_FILE 8192 #define ATTR_FILE (1 << 13)
#define ATTR_KILL_PRIV 16384 #define ATTR_KILL_PRIV (1 << 14)
#define ATTR_OPEN 32768 /* Truncating from open(O_TRUNC) */ #define ATTR_OPEN (1 << 15) /* Truncating from open(O_TRUNC) */
#define ATTR_TIMES_SET (1 << 16)
/* /*
* This is the Inode Attributes structure, used for notify_change(). It * This is the Inode Attributes structure, used for notify_change(). It