Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-09 14:43:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-stable/fs
History
Miklos Szeredi 02c6be615f vfs: fix permission checking in sys_utimensat 
If utimensat() is called with both times set to UTIME_NOW or one of them to
UTIME_NOW and the other to UTIME_OMIT, then it will update the file time
without any permission checking.

I don't think this can be used for anything other than a local DoS, but could
be quite bewildering at that (e.g.  "Why was that large source tree rebuilt
when I didn't modify anything???")

This affects all kernels from 2.6.22, when the utimensat() syscall was
introduced.

Fix by doing the same permission checking as for the "times == NULL" case.

Thanks to Michael Kerrisk, whose utimensat-non-conformances-and-fixes.patch in
-mm also fixes this (and breaks other stuff), only he didn't realize the
security implications of this bug.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: Ulrich Drepper <drepper@redhat.com>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-05-01 08:03:59 -07:00
..
9p
[PATCH] restore sane ->umount_begin() API
2008-04-25 09:23:25 -04:00
adfs
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
affs
affs: be*_add_cpu conversion
2008-04-30 08:29:51 -07:00
afs
afs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
autofs
mount options: fix autofs
2008-02-08 09:22:40 -08:00
autofs4
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
befs
befs: fix sparse warning in linuxvfs.c
2008-04-29 08:05:59 -07:00
bfs
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
cifs
proc: remove proc_root_fs
2008-04-29 08:06:18 -07:00
coda
codafs: fix build warning
2008-04-29 08:06:04 -07:00
configfs
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
cramfs
fs: Remove unnecessary inclusions of asm/semaphore.h
2008-04-18 22:16:44 -04:00
debugfs
DEBUGFS: Correct location of debugfs API documentation.
2008-04-30 16:52:47 -07:00
devpts
devpts: factor out PTY index allocation
2008-04-30 08:29:48 -07:00
dlm
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
ecryptfs
Remove duplicated unlikely() in IS_ERR()
2008-04-29 08:06:25 -07:00
efs
efs: update error msg to not refer to deleted read_inode()
2008-04-02 15:28:19 -07:00
exportfs
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
ext2
ext2: retry block allocation if new blocks are allocated from system zone
2008-04-28 08:58:43 -07:00
ext3
ext3: fix test ext_generic_write_end() copied return value
2008-04-29 22:01:27 -04:00
ext4
ext4: fix test ext_generic_write_end() copied return value
2008-04-29 22:01:18 -04:00
fat
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
freevxfs
fs/freevxfs/: proper externs
2008-04-29 08:06:00 -07:00
fuse
fuse: fix sparse warnings
2008-04-30 08:29:51 -07:00
gfs2
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
hfs
hfs: fix warning with 64k PAGE_SIZE
2008-04-30 08:29:52 -07:00
hfsplus
hfsplus: fix warning with 64k PAGE_SIZE
2008-04-30 08:29:52 -07:00
hostfs
uml: fix hostfs tv_usec calculations
2008-02-05 09:44:30 -08:00
hpfs
mount options: fix hpfs
2008-02-08 09:22:40 -08:00
hppfs
[PATCH] sanitize hppfs
2008-03-19 06:42:18 -04:00
hugetlbfs
mm: bdi: add separate writeback accounting capability
2008-04-30 08:29:50 -07:00
isofs
isofs: fix access to unallocated memory when reading corrupted filesystem
2008-04-30 08:29:33 -07:00
jbd
jbd: replace remaining __FUNCTION__ occurrences
2008-04-28 08:58:45 -07:00
jbd2
jbd2: use non-racy method for proc entries creation
2008-04-29 08:06:20 -07:00
jffs2
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
jfs
proc: remove proc_root_fs
2008-04-29 08:06:18 -07:00
lockd
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
minix
iget: stop the MINIX filesystem from using iget() and read_inode()
2008-02-07 08:42:28 -08:00
msdos
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
ncpfs
ncpfs: use get/put_unaligned_* helpers
2008-04-29 08:06:28 -07:00
nfs
mm: bdi: expose the BDI object in sysfs for NFS
2008-04-30 08:29:49 -07:00
nfs_common
nfsd
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
nls
sparse pointer use of zero as null
2007-10-18 14:37:31 -07:00
ntfs
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
ocfs2
mm: bdi: add separate writeback accounting capability
2008-04-30 08:29:50 -07:00
openpromfs
iget: stop OPENPROMFS from using iget() and read_inode()
2008-02-07 08:42:29 -08:00
partitions
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
proc
mm: Add NR_WRITEBACK_TEMP counter
2008-04-30 08:29:50 -07:00
qnx4
iget: stop QNX4 from using iget() and read_inode()
2008-02-07 08:42:28 -08:00
ramfs
mm: bdi: add separate writeback accounting capability
2008-04-30 08:29:50 -07:00
reiserfs
reiserfs: use open_bdev_excl
2008-04-30 08:29:51 -07:00
romfs
ROMFS: Fix up an error in iget removal
2008-03-19 18:53:36 -07:00
smbfs
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
sysfs
sysfs: Disallow truncation of files in sysfs
2008-04-30 16:52:46 -07:00
sysv
sysv: [bl]e*_add_cpu conversion
2008-04-30 08:29:52 -07:00
udf
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
ufs
ufs: replace __inline with inline
2008-04-28 08:58:45 -07:00
vfat
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
xfs
[XFS] Include linux/random.h in all builds, not just debug.
2008-04-30 07:53:50 -07:00
aio.c
debugobjects: add timer specific object debugging code
2008-04-30 08:29:53 -07:00
anon_inodes.c
[PATCH] fix up new filp allocators
2008-03-19 06:54:05 -04:00
attr.c
VFS: make notify_change pass ATTR_KILL_S*ID to setattr operations
2007-10-18 14:37:22 -07:00
bad_inode.c
iget: introduce a function to register iget failure
2008-02-07 08:42:26 -08:00
binfmt_aout.c
fs/binfmt_aout.c: use printk_ratelimit()
2008-04-29 08:06:04 -07:00
binfmt_elf_fdpic.c
fdpic: check that the size returned by kernel_read() is what we asked for
2008-04-29 08:06:05 -07:00
binfmt_elf.c
elf: fix shadowed variables in fs/binfmt_elf.c
2008-04-29 08:06:16 -07:00
binfmt_em86.c
binfmt_misc.c: avoid potential kernel stack overflow
2008-04-29 08:06:04 -07:00
binfmt_flat.c
procfs task exe symlink
2008-04-29 08:06:17 -07:00
binfmt_misc.c
binfmt_misc.c: avoid potential kernel stack overflow
2008-04-29 08:06:04 -07:00
binfmt_script.c
binfmt_misc.c: avoid potential kernel stack overflow
2008-04-29 08:06:04 -07:00
binfmt_som.c
[PATCH] sanitize handling of shared descriptor tables in failing execve()
2008-04-25 09:23:53 -04:00
bio.c
block: add dma alignment and padding support to blk_rq_map_kern
2008-04-29 09:50:34 +02:00
block_dev.c
fs/block_dev.c: remove #if 0'ed code
2008-02-19 10:04:00 +01:00
buffer.c
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
char_dev.c
fs: remove unused fops from struct char_device_struct
2008-04-29 08:06:01 -07:00
compat_binfmt_elf.c
x86: compat_binfmt_elf
2008-01-30 13:31:46 +01:00
compat_ioctl.c
tty: The big operations rework
2008-04-30 08:29:47 -07:00
compat.c
signals: use HAVE_SET_RESTORE_SIGMASK
2008-04-30 08:29:37 -07:00
dcache.c
[patch 2/7] vfs: mountinfo: add seq_file_root()
2008-04-23 00:04:38 -04:00
dcookies.c
d_path: Make d_path() use a struct path
2008-02-14 21:17:09 -08:00
direct-io.c
Pagecache zeroing: zero_user_segment, zero_user_segments and zero_user
2008-02-05 09:44:13 -08:00
dnotify.c
Fix dnotify/close race
2008-04-30 20:09:00 -07:00
dquot.c
quota: quota core changes for quotaon on remount
2008-04-28 08:58:33 -07:00
drop_caches.c
vfs: skip inodes without pages to free in drop_pagecache_sb()
2008-04-29 08:06:05 -07:00
eventfd.c
fs/eventfd.c should #include <linux/syscalls.h>
2008-02-06 10:41:03 -08:00
eventpoll.c
signals: use HAVE_SET_RESTORE_SIGMASK
2008-04-30 08:29:37 -07:00
exec.c
document de_thread() with exit_notify() connection
2008-04-30 08:29:38 -07:00
fcntl.c
[PATCH] sanitize locate_fd()
2008-04-25 09:24:05 -04:00
fifo.c
Detach sched.h from mm.h
2007-05-21 09:18:19 -07:00
file_table.c
[PATCH] r/o bind mounts: debugging for missed calls
2008-04-19 00:29:28 -04:00
file.c
get rid of NR_OPEN and introduce a sysctl_nr_open
2008-02-06 10:41:06 -08:00
filesystems.c
add filesystem subtype support
2007-05-08 11:15:01 -07:00
fs-writeback.c
fs/fs-writeback.c: make 2 functions static
2008-04-29 08:06:00 -07:00
generic_acl.c
Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check
2007-07-17 12:00:03 -07:00
inode.c
fs/inode.c: use hlist_for_each_entry()
2008-04-29 08:06:06 -07:00
inotify_user.c
Remove duplicated unlikely() in IS_ERR()
2008-04-29 08:06:25 -07:00
inotify.c
inotify: remove debug code
2008-02-06 10:41:07 -08:00
internal.h
[PATCH] move a bunch of declarations to fs/internal.h
2008-04-21 23:11:01 -04:00
ioctl.c
make vfs_ioctl() static
2008-04-29 08:06:00 -07:00
ioprio.c
cfq-iosched: relax IOPRIO_CLASS_IDLE restrictions
2008-01-28 11:38:15 +01:00
Kconfig
[S390] System z large page support.
2008-04-30 13:38:47 +02:00
Kconfig.binfmt
make BINFMT_FLAT a bool
2008-04-29 08:06:01 -07:00
libfs.c
Pagecache zeroing: zero_user_segment, zero_user_segments and zero_user
2008-02-05 09:44:13 -08:00
locks.c
Export __locks_copy_lock() so modular lockd builds
2008-04-25 15:49:46 -07:00
Makefile
x86: compat_binfmt_elf Kconfig
2008-01-30 13:31:46 +01:00
mbcache.c
vfs: fix possible deadlock in ext2, ext3, ext4 when using xattrs
2008-04-15 19:35:41 -07:00
mpage.c
docbook: fix filesystems.tmpl source files
2008-03-03 10:47:13 -08:00
namei.c
cgroups: implement device whitelist
2008-04-29 08:06:09 -07:00
namespace.c
fs: replace remaining __FUNCTION__ occurrences
2008-04-30 08:29:54 -07:00
nfsctl.c
Introduce path_put()
2008-02-14 21:13:33 -08:00
no-block.c
open.c
xip: support non-struct page backed memory
2008-04-28 08:58:23 -07:00
pipe.c
[PATCH] double-free of inode on alloc_file() failure exit in create_write_pipe()
2008-04-22 19:54:57 -04:00
pnode.c
[patch 7/7] vfs: mountinfo: show dominating group id
2008-04-23 00:05:09 -04:00
pnode.h
[patch 7/7] vfs: mountinfo: show dominating group id
2008-04-23 00:05:09 -04:00
posix_acl.c
quota_v1.c
quota: do not allow setting of quota limits to too high values
2008-04-28 08:58:32 -07:00
quota_v2.c
quota: le*_add_cpu conversion
2008-04-30 08:29:51 -07:00
quota.c
quota: quota core changes for quotaon on remount
2008-04-28 08:58:33 -07:00
read_write.c
fs: use loff_t type instead of long long
2008-04-22 15:17:11 -07:00
read_write.h
readdir.c
Use mutex_lock_killable in vfs_readdir
2007-12-06 17:39:54 -05:00
select.c
signals: use HAVE_SET_RESTORE_SIGMASK
2008-04-30 08:29:37 -07:00
seq_file.c
[patch 2/7] vfs: mountinfo: add seq_file_root()
2008-04-23 00:04:38 -04:00
signalfd.c
signalfd: fix for incorrect SI_QUEUE user data reporting
2008-04-11 08:06:44 -07:00
splice.c
relay: fix splice problem
2008-04-29 09:48:15 +02:00
stack.c
[PATCH] fs/stack.c: Copy i_nlink after all other attributes are copied
2007-02-19 14:21:50 -08:00
stat.c
Introduce path_put()
2008-02-14 21:13:33 -08:00
super.c
make __put_super() static
2008-04-29 08:06:00 -07:00
sync.c
vfs: fix unconditional write_super() call in file_fsync()
2008-04-29 08:06:06 -07:00
timerfd.c
fs/timerfd.c should #include <linux/syscalls.h>
2008-04-29 08:06:01 -07:00
utimes.c
vfs: fix permission checking in sys_utimensat
2008-05-01 08:03:59 -07:00
xattr_acl.c
[PATCH] remove many unneeded #includes of sched.h
2007-02-14 08:09:54 -08:00
xattr.c
xattr: add missing consts to function arguments
2008-04-29 08:06:06 -07:00