GIT: unionfs2-2.6.27.y: xfs: prevent swapext from operating on write-only files
Erez Zadok
ezk at fsl.cs.sunysb.edu
Thu Aug 12 23:15:39 EDT 2010
commit e1377aee4e4d4f5f0621b399b247b0790330b4c9
Author: Dan Rosenberg <dan.j.rosenberg at gmail.com>
Date: Thu Jun 24 12:07:47 2010 +1000
xfs: prevent swapext from operating on write-only files
commit 1817176a86352f65210139d4c794ad2d19fc6b63 upstream.
This patch prevents user "foo" from using the SWAPEXT ioctl to swap
a write-only file owned by user "bar" into a file owned by "foo" and
subsequently reading it. It does so by checking that the file
descriptors passed to the ioctl are also opened for reading.
Signed-off-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
Reviewed-by: Christoph Hellwig <hch at lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
diff --git a/fs/xfs/xfs_dfrag.c b/fs/xfs/xfs_dfrag.c
index 75b0cd4..ce2a6a2 100644
--- a/fs/xfs/xfs_dfrag.c
+++ b/fs/xfs/xfs_dfrag.c
@@ -74,7 +74,9 @@ xfs_swapext(
goto out_free_sxp;
}
- if (!(file->f_mode & FMODE_WRITE) || (file->f_flags & O_APPEND)) {
+ if (!(file->f_mode & FMODE_WRITE) ||
+ !(file->f_mode & FMODE_READ) ||
+ (file->f_flags & O_APPEND)) {
error = XFS_ERROR(EBADF);
goto out_put_file;
}
@@ -86,6 +88,7 @@ xfs_swapext(
}
if (!(target_file->f_mode & FMODE_WRITE) ||
+ !(target_file->f_mode & FMODE_READ) ||
(target_file->f_flags & O_APPEND)) {
error = XFS_ERROR(EBADF);
goto out_put_target_file;
More information about the unionfs-cvs
mailing list