[kernel] r9546 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Tue Sep 25 06:24:14 UTC 2007

Author: dannf
Date: Tue Sep 25 06:24:13 2007
New Revision: 9546

Log:
* bugfix/jffs2-ACL-vs-mode-handling.patch
  [SECURITY] Write correct legacy modes to the medium on inode creation to
  prevent incorrect permissions upon remount.

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/jffs2-ACL-vs-mode-handling.patch
Modified:
   dists/etch-security/linux-2.6/debian/changelog
   dists/etch-security/linux-2.6/debian/patches/series/13etch3

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================

--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Sep 25 06:24:13 2007
@@ -16,8 +16,11 @@
   * bugfix/amd64-zero-extend-32bit-ptrace.patch
     [SECURITY] Zero extend all registers after ptrace in 32-bit entry path.
     See CVE-2007-4573
+  * bugfix/jffs2-ACL-vs-mode-handling.patch
+    [SECURITY] Write correct legacy modes to the medium on inode creation to
+    prevent incorrect permissions upon remount.
 
- -- dann frazier <dannf at debian.org>  Tue, 25 Sep 2007 00:12:13 -0600
+ -- dann frazier <dannf at debian.org>  Tue, 25 Sep 2007 00:19:49 -0600
 
 linux-2.6 (2.6.18.dfsg.1-13etch2) stable-security; urgency=high
 

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/jffs2-ACL-vs-mode-handling.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/jffs2-ACL-vs-mode-handling.patch	Tue Sep 25 06:24:13 2007
@@ -0,0 +1,355 @@
+From: David Woodhouse <dwmw2 at infradead.org>
+Date: Wed, 22 Aug 2007 11:39:19 +0000 (+0100)
+Subject: [JFFS2] Fix ACL vs. mode handling.
+X-Git-Url: http://git.infradead.org/?p=mtd-2.6.git;a=commitdiff_plain;h=9ed437c50d89eabae763dd422579f73fdebf288d
+
+[JFFS2] Fix ACL vs. mode handling.
+
+When POSIX ACL support was enabled, we weren't writing correct
+legacy modes to the medium on inode creation, or when the ACL was set.
+This meant that the permissions would be incorrect after the file system
+was remounted.
+
+Signed-off-by: David Woodhouse <dwmw2 at infradead.org>
+---
+
+diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
+index 65b3a1b..8ec9323 100644
+--- a/fs/jffs2/acl.c
++++ b/fs/jffs2/acl.c
+@@ -176,7 +176,7 @@ static void jffs2_iset_acl(struct inode *inode, struct posix_acl **i_acl, struct
+ 	spin_unlock(&inode->i_lock);
+ }
+ 
+-static struct posix_acl *jffs2_get_acl(struct inode *inode, int type)
++struct posix_acl *jffs2_get_acl(struct inode *inode, int type)
+ {
+ 	struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
+ 	struct posix_acl *acl;
+@@ -247,8 +247,13 @@ static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl)
+ 			if (rc < 0)
+ 				return rc;
+ 			if (inode->i_mode != mode) {
+-				inode->i_mode = mode;
+-				jffs2_dirty_inode(inode);
++				struct iattr attr;
++
++				attr.ia_valid = ATTR_MODE;
++				attr.ia_mode = mode;
++				rc = jffs2_do_setattr(inode, &attr);
++				if (rc < 0)
++					return rc;
+ 			}
+ 			if (rc == 0)
+ 				acl = NULL;
+@@ -307,22 +312,16 @@ int jffs2_permission(struct inode *inode, int mask, struct nameidata *nd)
+ 	return generic_permission(inode, mask, jffs2_check_acl);
+ }
+ 
+-int jffs2_init_acl(struct inode *inode, struct inode *dir)
++int jffs2_init_acl(struct inode *inode, struct posix_acl *acl)
+ {
+ 	struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
+-	struct posix_acl *acl = NULL, *clone;
++	struct posix_acl *clone;
+ 	mode_t mode;
+ 	int rc = 0;
+ 
+ 	f->i_acl_access = JFFS2_ACL_NOT_CACHED;
+ 	f->i_acl_default = JFFS2_ACL_NOT_CACHED;
+-	if (!S_ISLNK(inode->i_mode)) {
+-		acl = jffs2_get_acl(dir, ACL_TYPE_DEFAULT);
+-		if (IS_ERR(acl))
+-			return PTR_ERR(acl);
+-		if (!acl)
+-			inode->i_mode &= ~current->fs->umask;
+-	}
++
+ 	if (acl) {
+ 		if (S_ISDIR(inode->i_mode)) {
+ 			rc = jffs2_set_acl(inode, ACL_TYPE_DEFAULT, acl);
+diff --git a/fs/jffs2/acl.h b/fs/jffs2/acl.h
+index c84378c..90a2dbf 100644
+--- a/fs/jffs2/acl.h
++++ b/fs/jffs2/acl.h
+@@ -28,9 +28,10 @@ struct jffs2_acl_header {
+ 
+ #define JFFS2_ACL_NOT_CACHED ((void *)-1)
+ 
++extern struct posix_acl *jffs2_get_acl(struct inode *inode, int type);
+ extern int jffs2_permission(struct inode *, int, struct nameidata *);
+ extern int jffs2_acl_chmod(struct inode *);
+-extern int jffs2_init_acl(struct inode *, struct inode *);
++extern int jffs2_init_acl(struct inode *, struct posix_acl *);
+ extern void jffs2_clear_acl(struct jffs2_inode_info *);
+ 
+ extern struct xattr_handler jffs2_acl_access_xattr_handler;
+@@ -38,6 +39,7 @@ extern struct xattr_handler jffs2_acl_default_xattr_handler;
+ 
+ #else
+ 
++#define jffs2_get_acl(inode, type)	(NULL)
+ #define jffs2_permission NULL
+ #define jffs2_acl_chmod(inode)		(0)
+ #define jffs2_init_acl(inode,dir)	(0)
+diff --git a/fs/jffs2/dir.c b/fs/jffs2/dir.c
+index d293a1f..8353eb9 100644
+--- a/fs/jffs2/dir.c
++++ b/fs/jffs2/dir.c
+@@ -182,6 +182,7 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode,
+ 	struct jffs2_inode_info *f, *dir_f;
+ 	struct jffs2_sb_info *c;
+ 	struct inode *inode;
++	struct posix_acl *acl;
+ 	int ret;
+ 
+ 	ri = jffs2_alloc_raw_inode();
+@@ -192,7 +193,7 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode,
+ 
+ 	D1(printk(KERN_DEBUG "jffs2_create()\n"));
+ 
+-	inode = jffs2_new_inode(dir_i, mode, ri);
++	inode = jffs2_new_inode(dir_i, mode, ri, &acl);
+ 
+ 	if (IS_ERR(inode)) {
+ 		D1(printk(KERN_DEBUG "jffs2_new_inode() failed\n"));
+@@ -212,12 +213,12 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode,
+ 			      dentry->d_name.name, dentry->d_name.len);
+ 
+ 	if (ret)
+-		goto fail;
++		goto fail_acl;
+ 
+ 	ret = jffs2_init_security(inode, dir_i);
+ 	if (ret)
+-		goto fail;
+-	ret = jffs2_init_acl(inode, dir_i);
++		goto fail_acl;
++	ret = jffs2_init_acl(inode, acl);
+ 	if (ret)
+ 		goto fail;
+ 
+@@ -230,6 +231,8 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode,
+ 		  inode->i_ino, inode->i_mode, inode->i_nlink, f->inocache->nlink, inode->i_mapping->nrpages));
+ 	return 0;
+ 
++ fail_acl:
++	posix_acl_release(acl);
+  fail:
+ 	make_bad_inode(inode);
+ 	iput(inode);
+@@ -306,6 +309,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
+ 	struct jffs2_full_dirent *fd;
+ 	int namelen;
+ 	uint32_t alloclen;
++	struct posix_acl *acl;
+ 	int ret, targetlen = strlen(target);
+ 
+ 	/* FIXME: If you care. We'd need to use frags for the target
+@@ -332,7 +336,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
+ 		return ret;
+ 	}
+ 
+-	inode = jffs2_new_inode(dir_i, S_IFLNK | S_IRWXUGO, ri);
++	inode = jffs2_new_inode(dir_i, S_IFLNK | S_IRWXUGO, ri, &acl);
+ 
+ 	if (IS_ERR(inode)) {
+ 		jffs2_free_raw_inode(ri);
+@@ -362,6 +366,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
+ 		up(&f->sem);
+ 		jffs2_complete_reservation(c);
+ 		jffs2_clear_inode(inode);
++		posix_acl_release(acl);
+ 		return PTR_ERR(fn);
+ 	}
+ 
+@@ -372,6 +377,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
+ 		up(&f->sem);
+ 		jffs2_complete_reservation(c);
+ 		jffs2_clear_inode(inode);
++		posix_acl_release(acl);
+ 		return -ENOMEM;
+ 	}
+ 
+@@ -389,9 +395,10 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
+ 	ret = jffs2_init_security(inode, dir_i);
+ 	if (ret) {
+ 		jffs2_clear_inode(inode);
++		posix_acl_release(acl);
+ 		return ret;
+ 	}
+-	ret = jffs2_init_acl(inode, dir_i);
++	ret = jffs2_init_acl(inode, acl);
+ 	if (ret) {
+ 		jffs2_clear_inode(inode);
+ 		return ret;
+@@ -469,6 +476,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
+ 	struct jffs2_full_dirent *fd;
+ 	int namelen;
+ 	uint32_t alloclen;
++	struct posix_acl *acl;
+ 	int ret;
+ 
+ 	mode |= S_IFDIR;
+@@ -491,7 +499,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
+ 		return ret;
+ 	}
+ 
+-	inode = jffs2_new_inode(dir_i, mode, ri);
++	inode = jffs2_new_inode(dir_i, mode, ri, &acl);
+ 
+ 	if (IS_ERR(inode)) {
+ 		jffs2_free_raw_inode(ri);
+@@ -518,6 +526,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
+ 		up(&f->sem);
+ 		jffs2_complete_reservation(c);
+ 		jffs2_clear_inode(inode);
++		posix_acl_release(acl);
+ 		return PTR_ERR(fn);
+ 	}
+ 	/* No data here. Only a metadata node, which will be
+@@ -531,9 +540,10 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
+ 	ret = jffs2_init_security(inode, dir_i);
+ 	if (ret) {
+ 		jffs2_clear_inode(inode);
++		posix_acl_release(acl);
+ 		return ret;
+ 	}
+-	ret = jffs2_init_acl(inode, dir_i);
++	ret = jffs2_init_acl(inode, acl);
+ 	if (ret) {
+ 		jffs2_clear_inode(inode);
+ 		return ret;
+@@ -629,6 +639,7 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
+ 	union jffs2_device_node dev;
+ 	int devlen = 0;
+ 	uint32_t alloclen;
++	struct posix_acl *acl;
+ 	int ret;
+ 
+ 	if (!new_valid_dev(rdev))
+@@ -655,7 +666,7 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
+ 		return ret;
+ 	}
+ 
+-	inode = jffs2_new_inode(dir_i, mode, ri);
++	inode = jffs2_new_inode(dir_i, mode, ri, &acl);
+ 
+ 	if (IS_ERR(inode)) {
+ 		jffs2_free_raw_inode(ri);
+@@ -684,6 +695,7 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
+ 		up(&f->sem);
+ 		jffs2_complete_reservation(c);
+ 		jffs2_clear_inode(inode);
++		posix_acl_release(acl);
+ 		return PTR_ERR(fn);
+ 	}
+ 	/* No data here. Only a metadata node, which will be
+@@ -697,9 +709,10 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
+ 	ret = jffs2_init_security(inode, dir_i);
+ 	if (ret) {
+ 		jffs2_clear_inode(inode);
++		posix_acl_release(acl);
+ 		return ret;
+ 	}
+-	ret = jffs2_init_acl(inode, dir_i);
++	ret = jffs2_init_acl(inode, acl);
+ 	if (ret) {
+ 		jffs2_clear_inode(inode);
+ 		return ret;
+diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
+index 1d3b7a9..dd64ddc 100644
+--- a/fs/jffs2/fs.c
++++ b/fs/jffs2/fs.c
+@@ -24,7 +24,7 @@
+ 
+ static int jffs2_flash_setup(struct jffs2_sb_info *c);
+ 
+-static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
++int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
+ {
+ 	struct jffs2_full_dnode *old_metadata, *new_metadata;
+ 	struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
+@@ -36,10 +36,8 @@ static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
+ 	unsigned int ivalid;
+ 	uint32_t alloclen;
+ 	int ret;
++
+ 	D1(printk(KERN_DEBUG "jffs2_setattr(): ino #%lu\n", inode->i_ino));
+-	ret = inode_change_ok(inode, iattr);
+-	if (ret)
+-		return ret;
+ 
+ 	/* Special cases - we don't want more than one data node
+ 	   for these types on the medium at any time. So setattr
+@@ -183,9 +181,14 @@ int jffs2_setattr(struct dentry *dentry, struct iattr *iattr)
+ {
+ 	int rc;
+ 
++	rc = inode_change_ok(dentry->d_inode, iattr);
++	if (rc)
++		return rc;
++
+ 	rc = jffs2_do_setattr(dentry->d_inode, iattr);
+ 	if (!rc && (iattr->ia_valid & ATTR_MODE))
+ 		rc = jffs2_acl_chmod(dentry->d_inode);
++
+ 	return rc;
+ }
+ 
+@@ -399,7 +402,8 @@ void jffs2_write_super (struct super_block *sb)
+ 
+ /* jffs2_new_inode: allocate a new inode and inocache, add it to the hash,
+    fill in the raw_inode while you're at it. */
+-struct inode *jffs2_new_inode (struct inode *dir_i, int mode, struct jffs2_raw_inode *ri)
++struct inode *jffs2_new_inode (struct inode *dir_i, int mode, struct jffs2_raw_inode *ri,
++			       struct posix_acl **acl)
+ {
+ 	struct inode *inode;
+ 	struct super_block *sb = dir_i->i_sb;
+@@ -431,7 +435,23 @@ struct inode *jffs2_new_inode (struct inode *dir_i, int mode, struct jffs2_raw_i
+ 	} else {
+ 		ri->gid = cpu_to_je16(current->fsgid);
+ 	}
+-	ri->mode =  cpu_to_jemode(mode);
++
++	/* POSIX ACLs have to be processed now, at least partly.
++	   The umask is only applied if there's no default ACL */
++	if (!S_ISLNK(mode)) {
++		*acl = jffs2_get_acl(dir_i, ACL_TYPE_DEFAULT);
++		if (IS_ERR(*acl)) {
++			make_bad_inode(inode);
++			iput(inode);
++			inode = (void *)*acl;
++			*acl = NULL;
++			return inode;
++		}
++		if (!(*acl))
++			mode &= ~current->fs->umask;
++	} else {
++		*acl = NULL;
++	}
+ 	ret = jffs2_do_new_inode (c, f, mode, ri);
+ 	if (ret) {
+ 		make_bad_inode(inode);
+diff --git a/fs/jffs2/os-linux.h b/fs/jffs2/os-linux.h
+index 80daea9..f6743a9 100644
+--- a/fs/jffs2/os-linux.h
++++ b/fs/jffs2/os-linux.h
+@@ -173,12 +173,15 @@ int jffs2_ioctl(struct inode *, struct file *, unsigned int, unsigned long);
+ extern const struct inode_operations jffs2_symlink_inode_operations;
+ 
+ /* fs.c */
++struct posix_acl;
++
+ int jffs2_setattr (struct dentry *, struct iattr *);
++int jffs2_do_setattr (struct inode *, struct iattr *);
+ void jffs2_read_inode (struct inode *);
+ void jffs2_clear_inode (struct inode *);
+ void jffs2_dirty_inode(struct inode *inode);
+ struct inode *jffs2_new_inode (struct inode *dir_i, int mode,
+-			       struct jffs2_raw_inode *ri);
++			       struct jffs2_raw_inode *ri, struct posix_acl **acl);
+ int jffs2_statfs (struct dentry *, struct kstatfs *);
+ void jffs2_write_super (struct super_block *);
+ int jffs2_remount_fs (struct super_block *, int *, char *);

Modified: dists/etch-security/linux-2.6/debian/patches/series/13etch3
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/13etch3	(original)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch3	Tue Sep 25 06:24:13 2007
@@ -3,3 +3,4 @@
 + bugfix/prevent-stack-growth-into-hugetlb-region.patch
 + bugfix/cifs-honor-umask.patch
 + bugfix/amd64-zero-extend-32bit-ptrace.patch
++ bugfix/jffs2-ACL-vs-mode-handling.patch

