fs: allow AT_EMPTY_PATH in linkat(), limit that to CAP_DAC_READ_SEARCH (11a7b371) · Commits · e / devices / android_kernel_samsung_universal8890

fs/namei.c

+16 −4

Original line number	Diff line number	Diff line
		@@ -2945,15 +2945,27 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
		struct dentry *new_dentry;
		struct nameidata nd;
		struct path old_path;
		int how = 0;
		int error;
		char *to;

		if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
		if ((flags & ~(AT_SYMLINK_FOLLOW \| AT_EMPTY_PATH)) != 0)
		return -EINVAL;
		/*
		* To use null names we require CAP_DAC_READ_SEARCH
		* This ensures that not everyone will be able to create
		* handlink using the passed filedescriptor.
		*/
		if (flags & AT_EMPTY_PATH) {
		if (!capable(CAP_DAC_READ_SEARCH))
		return -ENOENT;
		how = LOOKUP_EMPTY;
		}

		if (flags & AT_SYMLINK_FOLLOW)
		how \|= LOOKUP_FOLLOW;

		error = user_path_at(olddfd, oldname,
		flags & AT_SYMLINK_FOLLOW ? LOOKUP_FOLLOW : 0,
		&old_path);
		error = user_path_at(olddfd, oldname, how, &old_path);
		if (error)
		return error;