Setxattr does not check the permission when setting ACL xattrs. This
will cause security problem because any user can walk around
permission checking by changing ACL rules.
Signed-off-by: Li Xi <lixi@ddn.com>
Change-Id: I1e5c44674f2e22ecbe29a589a219bed52d037b9b
Reviewed-on: http://review.whamcloud.com/9473
Tested-by: Jenkins
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Reviewed-by: Bob Glossman <bob.glossman@intel.com>
Reviewed-by: John L. Hammond <john.hammond@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
])
#
+# 2.6.39 renames is_owner_or_cap to inode_owner_or_capable
+#
+AC_DEFUN([LC_HAVE_INODE_OWNER_OR_CAPABLE],
+[AC_MSG_CHECKING([if inode_owner_or_capable exist])
+LB_LINUX_TRY_COMPILE([
+ #include <linux/fs.h>
+],[
+ inode_owner_or_capable(NULL);
+],[
+ AC_DEFINE(HAVE_INODE_OWNER_OR_CAPABLE, 1,
+ [inode_owner_or_capable exist])
+ AC_MSG_RESULT([yes])
+],[
+ AC_MSG_RESULT([no])
+])
+])
+
+#
# 3.0 dirty_inode() has a flag parameter
# see kernel commit aa38572954ade525817fe88c54faebf85e5a61c0
#
LC_HAVE_FHANDLE_SYSCALLS
LC_HAVE_FSTYPE_MOUNT
LC_IOP_TRUNCATE
+ LC_HAVE_INODE_OWNER_OR_CAPABLE
# 3.0
LC_DIRTY_INODE_WITH_FLAG
if (rc)
RETURN(rc);
+ if ((xattr_type == XATTR_ACL_ACCESS_T ||
+ xattr_type == XATTR_ACL_DEFAULT_T) &&
+#ifdef HAVE_INODE_OWNER_OR_CAPABLE
+ !inode_owner_or_capable(inode))
+#else
+ !is_owner_or_cap(inode))
+#endif
+ return -EPERM;
+
/* b10667: ignore lustre special xattr for now */
if ((xattr_type == XATTR_TRUSTED_T && strcmp(name, "trusted.lov") == 0) ||
(xattr_type == XATTR_LUSTRE_T && strcmp(name, "lustre.lov") == 0))