xfs
[Top] [All Lists]

Re: [bug report]: chown(2) implementation in xfs is broken

To: Karol Lewandowski <klz@xxxxx>
Subject: Re: [bug report]: chown(2) implementation in xfs is broken
From: "Net Llama!" <netllama@xxxxxxxxxxxxx>
Date: Sun, 06 Jul 2003 17:34:13 -0700
Cc: linux-xfs@xxxxxxxxxxx
In-reply-to: <7kadbrchcp.fsf@xxxxxxxxxxxxxx>
Organization: HAL III
References: <7kadbrchcp.fsf@xxxxxxxxxxxxxx>
Sender: linux-xfs-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030625
On 07/06/03 17:26, Karol Lewandowski wrote:

Vanilla Linux 2.4.21 form kernel.org + xfs snapshot:
dmesg: SGI XFS snapshot-2.4.21-2003-06-23_01:45_UTC with no debug enabled

Any user can chown his own files to any uid or gid.

Unprivileged user (say karol) can do this successufly:

karol@greenplant:/tmp/test$ id
uid=1023(karol) gid=127(plant) 
groups=127(plant),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),101(dri)
karol@greenplant:/tmp/test$ touch newfile
karol@greenplant:/tmp/test$ ls -l
total 0
-rw-------    1 karol    plant           0 Jul  7 02:02 newfile
karol@greenplant:/tmp/test$ chown root:root newfile
karol@greenplant:/tmp/test$ ls -l
total 0
-rw-------    1 root     root            0 Jul  7 02:02 newfile
karol@greenplant:/tmp/test$


Patch for Linux 2.4.20 doesn't seem to have this problem, so i tried to locate
this issue... I think the problem is in <linuxroot>/fs/xfs/xfs_vnodeops.c
Unhopefuly I weren't able to fix it, I'm not kernel hacker (Yet :)

eeeek.  i just verified this on my boxes running 2.4.21-xfs.  scary.


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L. Friedman                                    netllama@xxxxxxxxxxxxx
Linux Step-by-step & TyGeMo:                    http://netllama.ipfox.com

  5:30pm  up 1 day,  2:29,  1 user,  load average: 0.17, 0.18, 0.09


<Prev in Thread] Current Thread [Next in Thread>