Re: Updated auth patch for 2.4.12

From: Chris Wright (chrisat_private)
Date: Thu Oct 11 2001 - 18:47:30 PDT


    * richard offer (offerat_private) wrote:
    see comments interspersed below...
    
    > ===== fs/attr.c 1.8 vs edited =====
    > @@ -130,20 +130,19 @@
    >  
    >  	lock_kernel();
    >  	if (inode->i_op && inode->i_op->setattr) {
    > -		error = security_ops->inode_ops->setattr(dentry, attr);
    > +		error = security_ops->inode_ops->setattr(error,dentry, attr);
    >  		if (!error)
    >  			error = inode->i_op->setattr(dentry, attr);
    >  	} else {
    >  		error = inode_change_ok(inode, attr);
    > -		if (!error)
    > -			error = security_ops->inode_ops->setattr(dentry, attr);
    
    should be...
    error = inode_change_ok(inode, attr);
    error = security_ops->inode_ops->setattr(error, dentry, attr);
    then...
    
    >  		if (!error) {
    >  			if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) ||
    >  			    (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid))
    >  				error = DQUOT_TRANSFER(inode, attr) ? -EDQUOT : 0;
    
    don't get rid of these lines
    
    > -			if (!error)
    > -				inode_setattr(inode, attr);
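
    Review bot: in the first branch (where inode->i_op->setattr exists)
    the new call setattr(error,dentry, attr) hands `error` to the hook
    before any assignment that is visible in this hunk, so what the hook
    receives depends on an initialisation above line 130. Make that
    explicit, either by initialising `error` to 0 at its declaration or
    by passing a literal 0 at this call site, and add the missing space
    after the first comma. In the else branch the quoted lines drop
    `if (!error) inode_setattr(inode, attr);` without showing a
    replacement, so check that the attributes are still applied to the
    inode when the filesystem provides no setattr op.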
    
    > ===== fs/fcntl.c 1.6 vs edited =====
    >  			       int fd,
    >  			       int reason)
    >  {
    > +	int retval = 0;
                ^^^^^^
    perhaps 'err' since this function returns void?
    
    > ===== fs/namei.c 1.19 vs edited =====
    > @@ -1873,13 +1871,11 @@
    >  	else
    >  		error = old_dir->i_op->rename(old_dir, old_dentry, new_dir, new_dentry);
    >  	double_up(&old_dir->i_zombie, &new_dir->i_zombie);
    > -	if (error)
    > -		return error;
    > -	/* The following d_move() should become unconditional */
    > -	if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME)) {
    > +	/* The following d_move() should become unconditional (except for "error")*/
    > +	if (!error && !(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME)) {
    >  		d_move(old_dentry, new_dentry);
    >  	}
    > -	security_ops->inode_ops->post_rename(old_dir, old_dentry, new_dir, new_dentry);
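
    Review bot: removing the early `if (error) return error;` after
    double_up() means everything below the d_move() block now also runs
    when the rename has failed. The quoted lines delete the post_rename
    call without showing what takes its place, so confirm that whatever
    follows tolerates a failed rename and that the function still ends
    by returning `error`; a one-line comment saying the hook is reached
    on both success and failure would help the next reader. Style: the
    reworded comment needs a space before the closing `*/`.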
    
    ugh, this one hurts to look at, but i don't know of any other solution :-(
    
    > ===== fs/namespace.c 1.4 vs edited =====
    
    looks fine.
    
    > ===== fs/proc/base.c 1.8 vs edited =====
    
    looks fine.
    
    > ===== kernel/acct.c 1.7 vs edited =====
    
    looks fine.
    
    ran out of time...i'll keep looking (maybe not until after weekend,
    since i'm gone for next 3 days).
    
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 18:51:31 PDT