diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2011-06-03 18:24:58 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2011-06-03 18:24:58 -0400 |
commit | 9e1f1de02c2275d7172e18dc4e7c2065777611bf (patch) | |
tree | 15e9d202e64275cdbff6ed1d54804da5966d7d8d /fs/ocfs2/super.c | |
parent | 1fa7b6a29c61358cc2ca6f64cef4aa0e1a7ca74c (diff) | |
download | op-kernel-dev-9e1f1de02c2275d7172e18dc4e7c2065777611bf.zip op-kernel-dev-9e1f1de02c2275d7172e18dc4e7c2065777611bf.tar.gz |
more conservative S_NOSEC handling
Caching "we have already removed suid/caps" was overenthusiastic as merged.
On network filesystems we might have had suid/caps set on another client,
silently picked by this client on revalidate, all of that *without* clearing
the S_NOSEC flag.
AFAICS, the only reasonably sane way to deal with that is
* new superblock flag; unless set, S_NOSEC is not going to be set.
* local block filesystems set it in their ->mount() (more accurately,
mount_bdev() does, so does btrfs ->mount(), users of mount_bdev() other than
local block ones clear it)
* if any network filesystem (or a cluster one) wants to use S_NOSEC,
it'll need to set MS_NOSEC in sb->s_flags *AND* take care to clear S_NOSEC when
inode attribute changes are picked from other clients.
It's not an earth-shattering hole (anybody that can set suid on another client
will almost certainly be able to write to the file before doing that anyway),
but it's a bug that needs fixing.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/ocfs2/super.c')
-rw-r--r-- | fs/ocfs2/super.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c index cdbaf5e..56f6102 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -1072,7 +1072,7 @@ static int ocfs2_fill_super(struct super_block *sb, void *data, int silent) sb->s_magic = OCFS2_SUPER_MAGIC; - sb->s_flags = (sb->s_flags & ~MS_POSIXACL) | + sb->s_flags = (sb->s_flags & ~(MS_POSIXACL | MS_NOSEC)) | ((osb->s_mount_opt & OCFS2_MOUNT_POSIX_ACL) ? MS_POSIXACL : 0); /* Hard readonly mode only if: bdev_read_only, MS_RDONLY, |