From patchwork Thu May 21 14:05:52 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jan Kara <jack@suse.cz>
X-Patchwork-Id: 6455591
Return-Path: <linux-fsdevel-owner@kernel.org>
X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 31ED9C0432
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 21 May 2015 14:06:26 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 4B13D20435
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 21 May 2015 14:06:22 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id AADAF2045B
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 21 May 2015 14:06:16 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755965AbbEUOGL (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Thu, 21 May 2015 10:06:11 -0400
Received: from cantor2.suse.de ([195.135.220.15]:49459 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755784AbbEUOGE (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 21 May 2015 10:06:04 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254])
	by mx2.suse.de (Postfix) with ESMTP id D757DAC62;
	Thu, 21 May 2015 14:06:02 +0000 (UTC)
Received: by quack.suse.cz (Postfix, from userid 1000)
	id BF05B8281F; Thu, 21 May 2015 16:06:01 +0200 (CEST)
From: Jan Kara <jack@suse.cz>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	linux-fsdevel@vger.kernel.org, dchinner@redhat.com,
	Serge Hallyn <serge.hallyn@canonical.com>,
	linux-security-module@vger.kernel.org, Jan Kara <jack@suse.cz>,
	stable@vger.kernel.org
Subject: [PATCH 1/5] fs: Fix S_NOSEC handling
Date: Thu, 21 May 2015 16:05:52 +0200
Message-Id: <1432217157-27876-2-git-send-email-jack@suse.cz>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1432217157-27876-1-git-send-email-jack@suse.cz>
References: <1432217157-27876-1-git-send-email-jack@suse.cz>
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD,
	UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

file_remove_suid() could mistakenly set S_NOSEC inode bit when root was
modifying the file. As a result following writes to the file by ordinary
user would avoid clearing suid or sgid bits.

Fix the bug by checking actual mode bits before setting S_NOSEC.

CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/inode.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/inode.c b/fs/inode.c
index ea37cd17b53f..6e342cadef81 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1693,8 +1693,8 @@ int file_remove_suid(struct file *file)
 		error = security_inode_killpriv(dentry);
 	if (!error && killsuid)
 		error = __remove_suid(dentry, killsuid);
-	if (!error && (inode->i_sb->s_flags & MS_NOSEC))
-		inode->i_flags |= S_NOSEC;
+	if (!error)
+		inode_has_no_xattr(inode);
 
 	return error;
 }