Re: [PATCH] fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks

Fri, 10 Mar 2017 13:55:51 -0800 

Quoting Stephen Smalley (s...@tycho.nsa.gov):
> generic_permission() presently checks CAP_DAC_OVERRIDE prior to
> CAP_DAC_READ_SEARCH.  This can cause misleading audit messages when
> using a LSM such as SELinux or AppArmor, since CAP_DAC_OVERRIDE
> may not be required for the operation.  Flip the order of the
> tests so that CAP_DAC_OVERRIDE is only checked when required for
> the operation.
> 
> Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov>

Lol, not sure if that patch has arranged itself to be as confusing
as possible (for a simple end result) or if it's in my head :), but
I had to read it like 3 times, despite it appearing trivial in the
end.

Reviewed-by: Serge Hallyn <se...@hallyn.com>

> ---
>  fs/namei.c | 20 ++++++++++----------
>  1 file changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index d41fab7..482414a 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -340,22 +340,14 @@ int generic_permission(struct inode *inode, int mask)
>  
>       if (S_ISDIR(inode->i_mode)) {
>               /* DACs are overridable for directories */
> -             if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
> -                     return 0;
>               if (!(mask & MAY_WRITE))
>                       if (capable_wrt_inode_uidgid(inode,
>                                                    CAP_DAC_READ_SEARCH))
>                               return 0;
> -             return -EACCES;
> -     }
> -     /*
> -      * Read/write DACs are always overridable.
> -      * Executable DACs are overridable when there is
> -      * at least one exec bit set.
> -      */
> -     if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
>               if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
>                       return 0;
> +             return -EACCES;
> +     }
>  
>       /*
>        * Searching includes executable on directories, else just read.
> @@ -364,6 +356,14 @@ int generic_permission(struct inode *inode, int mask)
>       if (mask == MAY_READ)
>               if (capable_wrt_inode_uidgid(inode, CAP_DAC_READ_SEARCH))
>                       return 0;
> +     /*
> +      * Read/write DACs are always overridable.
> +      * Executable DACs are overridable when there is
> +      * at least one exec bit set.
> +      */
> +     if (!(mask & MAY_EXEC) || (inode->i_mode & S_IXUGO))
> +             if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE))
> +                     return 0;
>  
>       return -EACCES;
>  }
> -- 
> 2.7.4

Reply via email to