
Commit 11a7b371 authored by Aneesh Kumar K.V, committed by Al Viro

fs: allow AT_EMPTY_PATH in linkat(), limit that to CAP_DAC_READ_SEARCH



We don't want to allow creation of private hardlinks by different applications
using the fd passed to them via SCM_RIGHTS. So limit the null relative name
usage in linkat syscall to CAP_DAC_READ_SEARCH.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
parent 326be7b4
+16 −4
@@ -2945,15 +2945,27 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
	struct dentry *new_dentry;
	struct nameidata nd;
	struct path old_path;
	int how = 0;
	int error;
	char *to;

	if ((flags & ~AT_SYMLINK_FOLLOW) != 0)
	if ((flags & ~(AT_SYMLINK_FOLLOW | AT_EMPTY_PATH)) != 0)
		return -EINVAL;
	/*
	 * To use null names we require CAP_DAC_READ_SEARCH
	 * This ensures that not everyone will be able to create
	 * handlink using the passed filedescriptor.
	 */
	if (flags & AT_EMPTY_PATH) {
		if (!capable(CAP_DAC_READ_SEARCH))
			return -ENOENT;
		how = LOOKUP_EMPTY;
	}

	if (flags & AT_SYMLINK_FOLLOW)
		how |= LOOKUP_FOLLOW;

	error = user_path_at(olddfd, oldname,
			     flags & AT_SYMLINK_FOLLOW ? LOOKUP_FOLLOW : 0,
			     &old_path);
	error = user_path_at(olddfd, oldname, how, &old_path);
	if (error)
		return error;
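
Review bot: In the `if (flags & AT_EMPTY_PATH)` block, the capability check is keyed on the flag being set rather than on oldname actually being empty, so a caller without CAP_DAC_READ_SEARCH that passes AT_EMPTY_PATH together with a non-empty oldname gets -ENOENT before user_path_at() is ever called. If that is intended, the comment should say so, and it should also explain why -ENOENT is returned instead of -EPERM, since a caller cannot tell a missing capability from a missing path. The comment would also be more useful if it carried the SCM_RIGHTS rationale from the commit message, and it has two typos: "handlink" should be "hardlink" and "filedescriptor" should be "file descriptor".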