[thirdparty/kernel/stable-queue.git] / releases / 2.6.20.2 / fix-umask-when-noacl-kernel-meets-extn-tuned-for-acls.patch

From stable-bounces@linux.kernel.org Fri Feb 23 13:55:02 2007
From: Hugh Dickins <hugh@veritas.com>
Date: Fri, 23 Feb 2007 21:53:49 +0000 (GMT)
Subject: fix umask when noACL kernel meets extN tuned for ACLs
To: Greg KH <greg@kroah.com>
Cc: Chris Wright <chrisw@sous-sol.org>, Tigran Aivazian <tigran@aivazian.fsnet.co.uk>, stable@kernel.org, Andreas Gruenbacher <agruen@suse.de>
Message-ID: <Pine.LNX.4.64.0702232152330.11377@blonde.wat.veritas.com>

From: Hugh Dickins <hugh@veritas.com>

Fix insecure default behaviour reported by Tigran Aivazian: if an ext2
or ext3 or ext4 filesystem is tuned to mount with "acl", but mounted by
a kernel built without ACL support, then umask was ignored when creating
inodes - though root or user has umask 022, touch creates files as 0666,
and mkdir creates directories as 0777.

This appears to have worked right until 2.6.11, when a fix to the default
mode on symlinks (always 0777) assumed VFS applies umask: which it does,
unless the mount is marked for ACLs; but ext[234] set MS_POSIXACL in
s_flags according to s_mount_opt set according to def_mount_opts.

We could revert to the 2.6.10 ext[234]_init_acl (adding an S_ISLNK test);
but other filesystems only set MS_POSIXACL when ACLs are configured.  We
could fix this at another level; but it seems most robust to avoid setting
the s_mount_opt flag in the first place (at the expense of more ifdefs).

Likewise don't set the XATTR_USER flag when built without XATTR support.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Acked-by: Andreas Gruenbacher <agruen@suse.de>
Cc: Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/ext2/super.c |    4 ++++
 fs/ext3/super.c |    4 ++++
 fs/ext4/super.c |    4 ++++
 3 files changed, 12 insertions(+)

--- linux-2.6.20.1.orig/fs/ext2/super.c
+++ linux-2.6.20.1/fs/ext2/super.c
@@ -708,10 +708,14 @@ static int ext2_fill_super(struct super_
 		set_opt(sbi->s_mount_opt, GRPID);
 	if (def_mount_opts & EXT2_DEFM_UID16)
 		set_opt(sbi->s_mount_opt, NO_UID32);
+#ifdef CONFIG_EXT2_FS_XATTR
 	if (def_mount_opts & EXT2_DEFM_XATTR_USER)
 		set_opt(sbi->s_mount_opt, XATTR_USER);
+#endif
+#ifdef CONFIG_EXT2_FS_POSIX_ACL
 	if (def_mount_opts & EXT2_DEFM_ACL)
 		set_opt(sbi->s_mount_opt, POSIX_ACL);
+#endif
 	
 	if (le16_to_cpu(sbi->s_es->s_errors) == EXT2_ERRORS_PANIC)
 		set_opt(sbi->s_mount_opt, ERRORS_PANIC);
--- linux-2.6.20.1.orig/fs/ext3/super.c
+++ linux-2.6.20.1/fs/ext3/super.c
@@ -1459,10 +1459,14 @@ static int ext3_fill_super (struct super
 		set_opt(sbi->s_mount_opt, GRPID);
 	if (def_mount_opts & EXT3_DEFM_UID16)
 		set_opt(sbi->s_mount_opt, NO_UID32);
+#ifdef CONFIG_EXT3_FS_XATTR
 	if (def_mount_opts & EXT3_DEFM_XATTR_USER)
 		set_opt(sbi->s_mount_opt, XATTR_USER);
+#endif
+#ifdef CONFIG_EXT3_FS_POSIX_ACL
 	if (def_mount_opts & EXT3_DEFM_ACL)
 		set_opt(sbi->s_mount_opt, POSIX_ACL);
+#endif
 	if ((def_mount_opts & EXT3_DEFM_JMODE) == EXT3_DEFM_JMODE_DATA)
 		sbi->s_mount_opt |= EXT3_MOUNT_JOURNAL_DATA;
 	else if ((def_mount_opts & EXT3_DEFM_JMODE) == EXT3_DEFM_JMODE_ORDERED)
--- linux-2.6.20.1.orig/fs/ext4/super.c
+++ linux-2.6.20.1/fs/ext4/super.c
@@ -1518,10 +1518,14 @@ static int ext4_fill_super (struct super
 		set_opt(sbi->s_mount_opt, GRPID);
 	if (def_mount_opts & EXT4_DEFM_UID16)
 		set_opt(sbi->s_mount_opt, NO_UID32);
+#ifdef CONFIG_EXT4DEV_FS_XATTR
 	if (def_mount_opts & EXT4_DEFM_XATTR_USER)
 		set_opt(sbi->s_mount_opt, XATTR_USER);
+#endif
+#ifdef CONFIG_EXT4DEV_FS_POSIX_ACL
 	if (def_mount_opts & EXT4_DEFM_ACL)
 		set_opt(sbi->s_mount_opt, POSIX_ACL);
+#endif
 	if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_DATA)
 		sbi->s_mount_opt |= EXT4_MOUNT_JOURNAL_DATA;
 	else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_ORDERED)
Commit	Line	Data
95c21306 GKH	1	From stable-bounces@linux.kernel.org Fri Feb 23 13:55:02 2007
	2	From: Hugh Dickins <hugh@veritas.com>
	3	Date: Fri, 23 Feb 2007 21:53:49 +0000 (GMT)
	4	Subject: fix umask when noACL kernel meets extN tuned for ACLs
	5	To: Greg KH <greg@kroah.com>
	6	Cc: Chris Wright <chrisw@sous-sol.org>, Tigran Aivazian <tigran@aivazian.fsnet.co.uk>, stable@kernel.org, Andreas Gruenbacher <agruen@suse.de>
	7	Message-ID: <Pine.LNX.4.64.0702232152330.11377@blonde.wat.veritas.com>
	8
	9	From: Hugh Dickins <hugh@veritas.com>
	10
	11	Fix insecure default behaviour reported by Tigran Aivazian: if an ext2
	12	or ext3 or ext4 filesystem is tuned to mount with "acl", but mounted by
	13	a kernel built without ACL support, then umask was ignored when creating
	14	inodes - though root or user has umask 022, touch creates files as 0666,
	15	and mkdir creates directories as 0777.
	16
	17	This appears to have worked right until 2.6.11, when a fix to the default
	18	mode on symlinks (always 0777) assumed VFS applies umask: which it does,
	19	unless the mount is marked for ACLs; but ext[234] set MS_POSIXACL in
	20	s_flags according to s_mount_opt set according to def_mount_opts.
	21
	22	We could revert to the 2.6.10 ext[234]_init_acl (adding an S_ISLNK test);
	23	but other filesystems only set MS_POSIXACL when ACLs are configured. We
	24	could fix this at another level; but it seems most robust to avoid setting
	25	the s_mount_opt flag in the first place (at the expense of more ifdefs).
	26
	27	Likewise don't set the XATTR_USER flag when built without XATTR support.
	28
	29	Signed-off-by: Hugh Dickins <hugh@veritas.com>
	30	Acked-by: Andreas Gruenbacher <agruen@suse.de>
	31	Cc: Tigran Aivazian <tigran@aivazian.fsnet.co.uk>
	32	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	33
	34	---
	35	fs/ext2/super.c \| 4 ++++
	36	fs/ext3/super.c \| 4 ++++
	37	fs/ext4/super.c \| 4 ++++
	38	3 files changed, 12 insertions(+)
	39
	40	--- linux-2.6.20.1.orig/fs/ext2/super.c
	41	+++ linux-2.6.20.1/fs/ext2/super.c
	42	@@ -708,10 +708,14 @@ static int ext2_fill_super(struct super_
	43	set_opt(sbi->s_mount_opt, GRPID);
	44	if (def_mount_opts & EXT2_DEFM_UID16)
	45	set_opt(sbi->s_mount_opt, NO_UID32);
	46	+#ifdef CONFIG_EXT2_FS_XATTR
	47	if (def_mount_opts & EXT2_DEFM_XATTR_USER)
	48	set_opt(sbi->s_mount_opt, XATTR_USER);
	49	+#endif
	50	+#ifdef CONFIG_EXT2_FS_POSIX_ACL
	51	if (def_mount_opts & EXT2_DEFM_ACL)
	52	set_opt(sbi->s_mount_opt, POSIX_ACL);
	53	+#endif
	54
	55	if (le16_to_cpu(sbi->s_es->s_errors) == EXT2_ERRORS_PANIC)
	56	set_opt(sbi->s_mount_opt, ERRORS_PANIC);
	57	--- linux-2.6.20.1.orig/fs/ext3/super.c
	58	+++ linux-2.6.20.1/fs/ext3/super.c
	59	@@ -1459,10 +1459,14 @@ static int ext3_fill_super (struct super
	60	set_opt(sbi->s_mount_opt, GRPID);
	61	if (def_mount_opts & EXT3_DEFM_UID16)
	62	set_opt(sbi->s_mount_opt, NO_UID32);
	63	+#ifdef CONFIG_EXT3_FS_XATTR
	64	if (def_mount_opts & EXT3_DEFM_XATTR_USER)
65	set_opt(sbi->s_mount_opt, XATTR_USER);
66	+#endif
67	+#ifdef CONFIG_EXT3_FS_POSIX_ACL
68	if (def_mount_opts & EXT3_DEFM_ACL)
69	set_opt(sbi->s_mount_opt, POSIX_ACL);
70	+#endif
71	if ((def_mount_opts & EXT3_DEFM_JMODE) == EXT3_DEFM_JMODE_DATA)
72	sbi->s_mount_opt \|= EXT3_MOUNT_JOURNAL_DATA;
73	else if ((def_mount_opts & EXT3_DEFM_JMODE) == EXT3_DEFM_JMODE_ORDERED)
74	--- linux-2.6.20.1.orig/fs/ext4/super.c
75	+++ linux-2.6.20.1/fs/ext4/super.c
76	@@ -1518,10 +1518,14 @@ static int ext4_fill_super (struct super
77	set_opt(sbi->s_mount_opt, GRPID);
78	if (def_mount_opts & EXT4_DEFM_UID16)
79	set_opt(sbi->s_mount_opt, NO_UID32);
80	+#ifdef CONFIG_EXT4DEV_FS_XATTR
81	if (def_mount_opts & EXT4_DEFM_XATTR_USER)
82	set_opt(sbi->s_mount_opt, XATTR_USER);
83	+#endif
84	+#ifdef CONFIG_EXT4DEV_FS_POSIX_ACL
85	if (def_mount_opts & EXT4_DEFM_ACL)
86	set_opt(sbi->s_mount_opt, POSIX_ACL);
87	+#endif
88	if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_DATA)
89	sbi->s_mount_opt \|= EXT4_MOUNT_JOURNAL_DATA;
90	else if ((def_mount_opts & EXT4_DEFM_JMODE) == EXT4_DEFM_JMODE_ORDERED)