Re: BUG! sys_rename()


From: Stanislav Ievlev <inger@altlinux.ru>
Subject: Re: BUG! sys_rename()
Date: Thu, 31 May 2001 12:02:19 +0400

Next Article (by Author): Re: Pre-Fix for rename hole Stanislav Ievlev
Previous Article (by Author): BUG! sys_rename() Stanislav Ievlev
Top of Thread: BUG! sys_rename() Stanislav Ievlev
Next in Thread: Re: BUG! sys_rename() Amon Ott
Articles sorted by: [Date] [Author] [Subject]


This is a multi-part message in MIME format.
--------------070900010206060401060201
Content-Type: multipart/alternative;
 boundary="------------000104090409060003090208"


--------------000104090409060003090208
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Arkady A Drovosekov wrote:

>On Wed, May 30, 2001 at 07:36:49PM +0400, Stanislav Ievlev wrote:
>
>>I've created an example patch to solve this problem. See attach.
>>
>>--- namei.c.orig	Wed May 30 17:39:58 2001
>>+++ namei.c	Wed May 30 19:02:22 2001
>>
>which namei.c do you mean (full path)?
>
New patch (not tested yet):





--------------000104090409060003090208
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<html><head></head><body>Arkady A Drovosekov wrote:<br>
<blockquote type="cite" cite="mid:20010531121811.K12522@pclin.suct.uu.ru"><pre wrap="">On Wed, May 30, 2001 at 07:36:49PM +0400, Stanislav Ievlev wrote:<br></pre>
  <blockquote type="cite"><pre wrap="">I've created an example patch to solve this problem. See attach.<br></pre></blockquote>
    <blockquote type="cite"><pre wrap="">--- namei.c.orig	Wed May 30 17:39:58 2001<br>+++ namei.c	Wed May 30 19:02:22 2001<br></pre></blockquote>
      <pre wrap=""><!---->which namei.c do you mean (full path)?<br></pre>
      </blockquote>
New patch (not tested yet):<br>
      <br>
      <br>
      <br>
      <br>
</body></html>
--------------000104090409060003090208--

--------------070900010206060401060201
Content-Type: text/plain;
 name="rsbac-rename-fix.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="rsbac-rename-fix.patch"

diff -Naur linux.orig/fs/namei.c linux/fs/namei.c
--- linux.orig/fs/namei.c	Thu May 31 11:36:57 2001
+++ linux/fs/namei.c	Thu May 31 11:52:08 2001
@@ -2488,6 +2488,11 @@
         enum  rsbac_target_t          rsbac_target;
         union rsbac_target_id_t       rsbac_target_id;
         union rsbac_attribute_value_t rsbac_attribute_value;
+
+        enum  rsbac_target_t          rsbac_target_new;
+        union rsbac_target_id_t       rsbac_target_id_new;
+        union rsbac_attribute_value_t rsbac_attribute_value_new;
+
         #endif
 
 	if (path_init(oldname, LOOKUP_PARENT, &oldnd))
@@ -2533,6 +2538,11 @@
 			goto exit4;
 	}
 
+	new_dentry = lookup_hash(&newnd.last, new_dir);
+	error = PTR_ERR(new_dentry);
+	if (IS_ERR(new_dentry))
+		goto exit4;
+
         /* RSBAC */
         #ifdef CONFIG_RSBAC
         if (rsbac_debug_aef)
@@ -2557,11 +2567,35 @@
                                rsbac_attribute_value))
           {
             error = -EPERM;
-            goto exit4;
+            goto exit_spec;
           }
         if (rsbac_debug_aef)
           printk(KERN_DEBUG
                  "do_rename() [sys_rename()]: calling ADF for WRITE on new_dir\n");
+	if(new_dentry->d_inode){/*trying to rewrite existing object*/
+        rsbac_target_new = T_FILE;
+        if (S_ISDIR(new_dentry->d_inode->i_mode))
+          rsbac_target_new = T_DIR;
+        else if (S_ISFIFO (new_dentry->d_inode->i_mode))
+          rsbac_target_new = T_FIFO;
+        else if (S_ISLNK (new_dentry->d_inode->i_mode))
+          rsbac_target_new = T_SYMLINK;
+        
+	rsbac_target_id_new.file.device = new_dentry->d_inode->i_dev;
+        rsbac_target_id_new.file.inode  = new_dentry->d_inode->i_ino;
+        rsbac_target_id_new.file.dentry_p = new_dentry;
+        rsbac_attribute_value_new.dummy = 0;
+        if (!rsbac_adf_request(R_DELETE,
+                               current->pid,
+                               rsbac_target_new,
+                               rsbac_target_id_new,
+                               A_none,
+                               rsbac_attribute_value_new))
+          {
+            error = -EPERM;
+            goto exit_spec;
+          }
+	 }else{/*check parent directory for writing*/
         rsbac_target_id.dir.device = new_dir->d_inode->i_dev;
         rsbac_target_id.dir.inode  = new_dir->d_inode->i_ino;
         rsbac_target_id.dir.dentry_p = new_dir;
@@ -2574,20 +2608,18 @@
                                rsbac_attribute_value))
           {
             error = -EPERM;
-            goto exit4;
+            goto exit_spec;
           }
+	 } 
         #endif /* CONFIG_RSBAC */
 
-	new_dentry = lookup_hash(&newnd.last, new_dir);
-	error = PTR_ERR(new_dentry);
-	if (IS_ERR(new_dentry))
-		goto exit4;
 
 	lock_kernel();
 	error = vfs_rename(old_dir->d_inode, old_dentry,
 				   new_dir->d_inode, new_dentry);
 	unlock_kernel();
-
+	
+exit_spec:
 	dput(new_dentry);
 exit4:
 	dput(old_dentry);

--------------070900010206060401060201--

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Re: Pre-Fix for rename hole Stanislav Ievlev
Previous Article (by Author): BUG! sys_rename() Stanislav Ievlev
Top of Thread: BUG! sys_rename() Stanislav Ievlev
Next in Thread: Re: BUG! sys_rename() Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.