Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e57ac683 authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Linus Torvalds
Browse files

fuse: fix allowing operations 



The following operation didn't check if sending the request was allowed:

  setattr
  listxattr
  statfs

Some other operations don't explicitly do the check, but VFS calls
->permission() which checks this.

Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 42a2b6ad

fs/fuse/dir.c

+7 −1
Original line number Original line Diff line number Diff line
@@ -721,7 +721,7 @@ static int fuse_refresh_attributes(struct inode *inode) 
 * for which the owner of the mount has ptrace privilege.  This

 * for which the owner of the mount has ptrace privilege.  This

 * excludes processes started by other users, suid or sgid processes.

 * excludes processes started by other users, suid or sgid processes.

 */

 */

static int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task)

int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task)

{

{

	if (fc->flags & FUSE_ALLOW_OTHER)

	if (fc->flags & FUSE_ALLOW_OTHER)

		return 1;

		return 1;
@@ -1005,6 +1005,9 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr) 
	struct fuse_attr_out outarg;

	struct fuse_attr_out outarg;

	int err;

	int err;





	if (!fuse_allow_task(fc, current))

		return -EACCES;



	if (fc->flags & FUSE_DEFAULT_PERMISSIONS) {

	if (fc->flags & FUSE_DEFAULT_PERMISSIONS) {

		err = inode_change_ok(inode, attr);

		err = inode_change_ok(inode, attr);

		if (err)

		if (err)
@@ -1172,6 +1175,9 @@ static ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) 
	struct fuse_getxattr_out outarg;

	struct fuse_getxattr_out outarg;

	ssize_t ret;

	ssize_t ret;





	if (!fuse_allow_task(fc, current))

		return -EACCES;



	if (fc->no_listxattr)

	if (fc->no_listxattr)

		return -EOPNOTSUPP;

		return -EOPNOTSUPP;

fs/fuse/fuse_i.h

+5 −0
Original line number Original line Diff line number Diff line
@@ -565,3 +565,8 @@ void fuse_ctl_remove_conn(struct fuse_conn *fc); 
 * Is file type valid?

 * Is file type valid?

 */

 */

int fuse_valid_type(int m);

int fuse_valid_type(int m);



/**

 * Is task allowed to perform filesystem operation?

 */

int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task);

fs/fuse/inode.c

+5 −0
Original line number Original line Diff line number Diff line
@@ -287,6 +287,11 @@ static int fuse_statfs(struct dentry *dentry, struct kstatfs *buf) 
	struct fuse_statfs_out outarg;

	struct fuse_statfs_out outarg;

	int err;

	int err;





	if (!fuse_allow_task(fc, current)) {

		buf->f_type = FUSE_SUPER_MAGIC;

		return 0;

	}



	req = fuse_get_req(fc);

	req = fuse_get_req(fc);

	if (IS_ERR(req))

	if (IS_ERR(req))

		return PTR_ERR(req);

		return PTR_ERR(req);