[PATCH] don't allow utime()/utimes() on immutable/append-only files

Ethan Benson (erbenson@alaska.net)
Sat, 7 Jun 2003 22:14:39 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dan Kegel: "huge file drivers/scsi/aic78xx/CHANGELOG in 2.4.21-rc7?"
Previous message: Dave Hansen: "Re: [RFC] machine_reboot and friends"

Hi,

I recently noticed that utime() and utimes() is allowed on immutable
or append-only files. I believe this should not be permitted.

Attached is a patch which returns -EPERM on attempts to set timestamps
explicitly (utime[s]() with a timebuf arg), and which returns EACCES
when these are called with a NULL time arg for immutable files.

utime/utimes with a NULL time arg is allowed on an append-only file.
Since timestamps are updated when append-only files are written to, it
seems acceptable to allow the timestamp to be updated to the current
time.

I am not subscribed to linux-kernel, so please CC any replies, thanks.

--- linux.orig/fs/open.c Sun Jun 1 20:39:38 2003
+++ linux/fs/open.c Sun Jun 1 20:54:14 2003
@@ -272,6 +272,9 @@
/* Don't worry, the checks are done in inode_change_ok() */
newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
if (times) {
+ error = -EPERM;
+ if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
+ goto dput_and_out;
error = get_user(newattrs.ia_atime, &times->actime);
if (!error)
error = get_user(newattrs.ia_mtime, &times->modtime);
@@ -280,6 +283,9 @@

newattrs.ia_valid |= ATTR_ATIME_SET | ATTR_MTIME_SET;
} else {
+ error = -EACCES;
+ if (IS_IMMUTABLE(inode))
+ goto dput_and_out;
if (current->fsuid != inode->i_uid &&
(error = permission(inode,MAY_WRITE)) != 0)
goto dput_and_out;
@@ -318,6 +324,9 @@
newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
if (utimes) {
struct timeval times[2];
+ error = -EPERM;
+ if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
+ goto dput_and_out;
error = -EFAULT;
if (copy_from_user(&times, utimes, sizeof(times)))
goto dput_and_out;
@@ -325,6 +334,10 @@
newattrs.ia_mtime = times[1].tv_sec;
newattrs.ia_valid |= ATTR_ATIME_SET | ATTR_MTIME_SET;
} else {
+ error = -EACCES;
+ if (IS_IMMUTABLE(inode))
+ goto dput_and_out;
+
if (current->fsuid != inode->i_uid &&
(error = permission(inode,MAY_WRITE)) != 0)
goto dput_and_out;

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Dan Kegel: "huge file drivers/scsi/aic78xx/CHANGELOG in 2.4.21-rc7?"
Previous message: Dave Hansen: "Re: [RFC] machine_reboot and friends"