David Howells wrote:
> > > I think this is a pretty strong argument. Counter-arguments, anybody?
> >
> > Yes. CAP_DAC_READ_SEARCH.
>
> No, it would seem unlikely it's that, but I guess there's another capability
> override because the process is owned by root.
CAP_DAC_OVERRIDE, I think.
David Howells wrote:
> > I think this is a pretty strong argument. Counter-arguments, anybody?
>
> Yes. CAP_DAC_READ_SEARCH.
No, it would seem unlikely it's that, but I guess there's another capability
override because the process is owned by root.
David
--
To unsubscribe from this list: send
Linus Torvalds wrote:
> I think this is a pretty strong argument. Counter-arguments, anybody?
Yes. CAP_DAC_READ_SEARCH.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.ker
Further:
[root@andromeda ~]# touch /tmp/foo
[root@andromeda ~]# chmod 0444 /tmp/foo
[root@andromeda ~]# ls -l /tmp/foo
-r--r--r--. 1 root root 0 Jan 31 00:17 /tmp/foo
[root@andromeda ~]# echo hello >/tmp/foo
[root@andromeda ~]# ls -l /tmp/foo
Eric W. Biederman wrote:
> These files have been read-only since this code was merged in 2002.
> Over a decade of not being used seems like a strong indication that no
> one cares about the write path.
Actually, things aren't as simple as they seem. Without the patch applied:
[root@and
Pali Rohár writes:
> 2014-01-30 Linus Torvalds :
>> Eric W. Biederman wrote:
>>> These files have been read-only since this code was merged in 2002.
>>> Over a decade of not being used seems like a strong indication that no
>>> one cares about the write path.
>> I think this is a pretty strong
On Thu, Jan 30, 2014 at 02:27:15PM -0800, Linus Torvalds wrote:
> On Thu, Jan 30, 2014 at 2:15 PM, Pali Rohár wrote:
> >
> > In afs documentation is written that you need to write to these files. See:
>
> Well, but the afs documentation is clearly wrong, since the
> "documented" procedure d
On Thu, Jan 30, 2014 at 2:15 PM, Pali Rohár wrote:
>
> In afs documentation is written that you need to write to these files. See:
Well, but the afs documentation is clearly wrong, since the
"documented" procedure doesn't actually *work*.
So I don't think "it's documented" is a very strong argum
2014-01-30 Linus Torvalds :
> On Thu, Jan 30, 2014 at 1:48 PM, Eric W. Biederman
> wrote:
>>
>> These files have been read-only since this code was merged in 2002.
>> Over a decade of not being used seems like a strong indication that no
>> one cares about the write path.
>
> I think this is a pre
On Thu, Jan 30, 2014 at 1:48 PM, Eric W. Biederman
wrote:
>
> These files have been read-only since this code was merged in 2002.
> Over a decade of not being used seems like a strong indication that no
> one cares about the write path.
I think this is a pretty strong argument. Counter-arguments,
David Howells writes:
> From: Pali Rohár
>
> Both proc files are writeable and used for configuring cells. But
> there is missing correct mode flag for writeable files. Without
> this patch both proc files are read only.
Dumb question. Is this worth fixing? Should we perhaps instead remove
th
Al Viro wrote:
> > ... and then making proc_create() only permit regular files (and complain
> > if the S_IFMT field is not zero)?
>
> We already do: in proc_create_data() we have
> struct proc_dir_entry *pde;
> if ((mode & S_IFMT) == 0)
> mode |= S_IFREG;
>
>
On Tue, Jan 28, 2014 at 08:20:12PM +, David Howells wrote:
> Linus Torvalds wrote:
>
> > > - p = proc_create("cells", 0, proc_afs, &afs_proc_cells_fops);
> > > + p = proc_create("cells", S_IFREG | S_IRUGO | S_IWUSR, proc_afs,
> > > &afs_proc_cells_fops);
> > > - p = proc_cr
Linus Torvalds wrote:
> > - p = proc_create("cells", 0, proc_afs, &afs_proc_cells_fops);
> > + p = proc_create("cells", S_IFREG | S_IRUGO | S_IWUSR, proc_afs,
> > &afs_proc_cells_fops);
> > - p = proc_create("rootcell", 0, proc_afs, &afs_proc_rootcell_fops);
> > + p = pro
On Tue, 2014-01-28 at 13:17 +0100, Geert Uytterhoeven wrote:
> On Tue, Jan 28, 2014 at 1:04 PM, Ingo Molnar wrote:
> > * Geert Uytterhoeven wrote:
> >> On Sun, Jan 26, 2014 at 9:25 PM, Ingo Molnar wrote:
> >> > * Ingo Molnar wrote:
> >> >> * Linus Torvalds wrote:
> >> >> > On Sun, Jan 26, 2014
* Geert Uytterhoeven wrote:
> On Tue, Jan 28, 2014 at 1:04 PM, Ingo Molnar wrote:
> > * Geert Uytterhoeven wrote:
> >> On Sun, Jan 26, 2014 at 9:25 PM, Ingo Molnar wrote:
> >> > * Ingo Molnar wrote:
> >> >> * Linus Torvalds wrote:
> >> >> > On Sun, Jan 26, 2014 at 4:27 AM, David Howells
>
On Tue, Jan 28, 2014 at 1:04 PM, Ingo Molnar wrote:
> * Geert Uytterhoeven wrote:
>> On Sun, Jan 26, 2014 at 9:25 PM, Ingo Molnar wrote:
>> > * Ingo Molnar wrote:
>> >> * Linus Torvalds wrote:
>> >> > On Sun, Jan 26, 2014 at 4:27 AM, David Howells
>> >> > wrote:
>> >> > > - p = proc_cr
* Geert Uytterhoeven wrote:
> On Sun, Jan 26, 2014 at 9:25 PM, Ingo Molnar wrote:
> > * Ingo Molnar wrote:
> >> * Linus Torvalds wrote:
> >> > On Sun, Jan 26, 2014 at 4:27 AM, David Howells
> >> > wrote:
> >> > > - p = proc_create("cells", 0, proc_afs, &afs_proc_cells_fops);
> >> > >
On Sun, Jan 26, 2014 at 9:25 PM, Ingo Molnar wrote:
> * Ingo Molnar wrote:
>> * Linus Torvalds wrote:
>> > On Sun, Jan 26, 2014 at 4:27 AM, David Howells wrote:
>> > > - p = proc_create("cells", 0, proc_afs, &afs_proc_cells_fops);
>> > > + p = proc_create("cells", S_IFREG | S_IRUGO
Ingo wrote:
> Perhaps we could also generate the most common variants as:
>
> #define PERM__rw_r__r__ 0644
You're not alone!
http://lkml.indiana.edu/hypermail/linux/kernel/0607.3/1325.html
But I think 0644 is obvious and the most right way.
Of course, proc should detect those (->write vs ->mode
* Ingo Molnar wrote:
>
> * Linus Torvalds wrote:
>
> > On Sun, Jan 26, 2014 at 4:27 AM, David Howells wrote:
> > >
> > > - p = proc_create("cells", 0, proc_afs, &afs_proc_cells_fops);
> > > + p = proc_create("cells", S_IFREG | S_IRUGO | S_IWUSR, proc_afs,
> > > &afs_proc_cells_f
* Ingo Molnar wrote:
> Perhaps we could also generate the most common variants as:
>
> #define PERM__rw_r__r__ 0644
> #define PERM__r 0400
> #define PERM__r__r__r__ 0444
> #define PERM__r_xr_xr_x 0555
>
> etc.
>
> or something si
* Linus Torvalds wrote:
> On Sun, Jan 26, 2014 at 4:27 AM, David Howells wrote:
> >
> > - p = proc_create("cells", 0, proc_afs, &afs_proc_cells_fops);
> > + p = proc_create("cells", S_IFREG | S_IRUGO | S_IWUSR, proc_afs,
> > &afs_proc_cells_fops);
> > - p = proc_create("rootc
On Sun, Jan 26, 2014 at 4:27 AM, David Howells wrote:
>
> - p = proc_create("cells", 0, proc_afs, &afs_proc_cells_fops);
> + p = proc_create("cells", S_IFREG | S_IRUGO | S_IWUSR, proc_afs,
> &afs_proc_cells_fops);
> - p = proc_create("rootcell", 0, proc_afs, &afs_proc_rootcell_f
On Tuesday 17 December 2013 19:31:05 David Howells wrote:
> Andrew Morton wrote:
> > David ack?
>
> I've signed it off and added here:
>
> http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs
> .git/commit/?h=afs&id=8de69dbba9012693d4f9e7a7e3c12a0b467f85f3
>
> David
Can you prop
Andrew Morton wrote:
> David ack?
I've signed it off and added here:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/commit/?h=afs&id=8de69dbba9012693d4f9e7a7e3c12a0b467f85f3
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body
On Monday 16 December 2013 08:00:04 Andrew Morton wrote:
> On Wed, 20 Nov 2013 14:30:55 +0100 Pali Roh__r
wrote:
> > Both proc files are writeable and used for configuring
> > cells. But there is missing correct mode flag for writeable
> > files. Without this patch both proc files are read only.
On Wed, 20 Nov 2013 14:30:55 +0100 Pali Roh__r wrote:
> Both proc files are writeable and used for configuring cells. But
> there is missing correct mode flag for writeable files. Without
> this patch both proc files are read only.
>
> diff --git a/fs/afs/proc.c b/fs/afs/proc.c
> index 526e4bb..
On Wednesday 20 November 2013 14:30:55 Pali Rohár wrote:
> Both proc files are writeable and used for configuring cells.
> But there is missing correct mode flag for writeable files.
> Without this patch both proc files are read only.
>
> diff --git a/fs/afs/proc.c b/fs/afs/proc.c
> index 526e4bb.
29 matches
Mail list logo
