git.baikalelectronics.ru Git - kernel.git/commit
fs: Call security_ops->inode_killpriv on truncate
author Jan Kara <jack@suse.cz>
Thu, 21 May 2015 14:05:55 +0000 (16:05 +0200)
committer Al Viro <viro@zeniv.linux.org.uk>
Tue, 23 Jun 2015 22:01:09 +0000 (18:01 -0400)
commit d4abf1d47b4edda99d4cf9949dd4c33fa25316be
tree b7919ca80674bc1793b4423957f4d61c8100408d
parent a0b31d3c4c15bf66cd3a2934223fcab82fc9070f
fs: Call security_ops->inode_killpriv on truncate

Comment in include/linux/security.h says that ->inode_killpriv() should
be called when setuid bit is being removed and that similar security
labels (in fact this applies only to file capabilities) should be
removed at this time as well. However we don't call ->inode_killpriv()
when we remove suid bit on truncate.

We fix the problem by calling ->inode_need_killpriv() and subsequently
->inode_killpriv() on truncate the same way as we do it on file write.

After this patch there's only one user of should_remove_suid() - ocfs2 -
and indeed it's buggy because it doesn't call ->inode_killpriv() on
write. However fixing it is difficult because of special locking
constraints.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/inode.c
fs/open.c
include/linux/fs.h