summaryrefslogtreecommitdiffstats
path: root/mm
diff options
context:
space:
mode:
authorJeff Mahoney <jeffm@suse.com>2010-04-23 19:17:37 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2010-04-24 20:31:24 +0200
commitcac36f707119b792b2396aed371d6b5cdc194890 (patch)
treeccb19a68ce1c1aa066d6d13dde51657cba906de6 /mm
parentMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiw... (diff)
downloadlinux-cac36f707119b792b2396aed371d6b5cdc194890.tar.xz
linux-cac36f707119b792b2396aed371d6b5cdc194890.zip
reiserfs: fix permissions on .reiserfs_priv
Commit 677c9b2e393a0cd203bd54e9c18b012b2c73305a ("reiserfs: remove privroot hiding in lookup") removed the magic from the lookup code to hide the .reiserfs_priv directory since it was getting loaded at mount-time instead. The intent was that the entry would be hidden from the user via a poisoned d_compare, but this was faulty. This introduced a security issue where unprivileged users could access and modify extended attributes or ACLs belonging to other users, including root. This patch resolves the issue by properly hiding .reiserfs_priv. This was the intent of the xattr poisoning code, but it appears to have never worked as expected. This is fixed by using d_revalidate instead of d_compare. This patch makes -oexpose_privroot a no-op. I'm fine leaving it this way. The effort involved in working out the corner cases wrt permissions and caching outweigh the benefit of the feature. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Acked-by: Edward Shishkin <edward.shishkin@gmail.com> Reported-by: Matt McCutchen <matt@mattmccutchen.net> Tested-by: Matt McCutchen <matt@mattmccutchen.net> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm')
0 files changed, 0 insertions, 0 deletions