From 3bd858ab1c451725c07a805dcb315215dc85b86e Mon Sep 17 00:00:00 2001 From: Satyam Sharma Date: Tue, 17 Jul 2007 15:00:08 +0530 Subject: Introduce is_owner_or_cap() to wrap CAP_FOWNER use with fsuid check Introduce is_owner_or_cap() macro in fs.h, and convert over relevant users to it. This is done because we want to avoid bugs in the future where we check for only effective fsuid of the current task against a file's owning uid, without simultaneously checking for CAP_FOWNER as well, thus violating its semantics. [ XFS uses special macros and structures, and in general looked ... untouchable, so we leave it alone -- but it has been looked over. ] The (current->fsuid != inode->i_uid) check in generic_permission() and exec_permission_lite() is left alone, because those operations are covered by CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH. Similarly operations falling under the purview of CAP_CHOWN and CAP_LEASE are also left alone. Signed-off-by: Satyam Sharma Cc: Al Viro Acked-by: Serge E. Hallyn Signed-off-by: Linus Torvalds --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 78c3f98fcdcf..520b9998123e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2318,7 +2318,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value if (sbsec->behavior == SECURITY_FS_USE_MNTPOINT) return -EOPNOTSUPP; - if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER)) + if (!is_owner_or_cap(inode)) return -EPERM; AVC_AUDIT_DATA_INIT(&ad,FS); -- cgit v1.2.3-58-ga151