diff options
| author | Jeff Mahoney <[email protected]> | 2010-04-23 13:17:37 -0400 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2010-04-24 11:31:24 -0700 |
| commit | cac36f707119b792b2396aed371d6b5cdc194890 (patch) | |
| tree | ccb19a68ce1c1aa066d6d13dde51657cba906de6 /tools/perf/util/trace-event-scripting.c | |
| parent | 33eaf788345c0311ab48ae62673c05f59fb09bb3 (diff) | |
reiserfs: fix permissions on .reiserfs_priv
Commit 677c9b2e393a0cd203bd54e9c18b012b2c73305a ("reiserfs: remove
privroot hiding in lookup") removed the magic from the lookup code to hide
the .reiserfs_priv directory since it was getting loaded at mount-time
instead. The intent was that the entry would be hidden from the user via
a poisoned d_compare, but this was faulty.
This introduced a security issue where unprivileged users could access and
modify extended attributes or ACLs belonging to other users, including
root.
This patch resolves the issue by properly hiding .reiserfs_priv. This was
the intent of the xattr poisoning code, but it appears to have never
worked as expected. This is fixed by using d_revalidate instead of
d_compare.
This patch makes -oexpose_privroot a no-op. I'm fine leaving it this way.
The effort involved in working out the corner cases wrt permissions and
caching outweigh the benefit of the feature.
Signed-off-by: Jeff Mahoney <[email protected]>
Acked-by: Edward Shishkin <[email protected]>
Reported-by: Matt McCutchen <[email protected]>
Tested-by: Matt McCutchen <[email protected]>
Cc: Frederic Weisbecker <[email protected]>
Cc: Al Viro <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/util/trace-event-scripting.c')
0 files changed, 0 insertions, 0 deletions