[Security] XFS swapext ioctl minor security issues
Dan Rosenberg
dan.j.rosenberg at gmail.com
Wed Jun 16 08:07:10 CDT 2010

Sure thing. This patch is against 2.6.34, but it appears that it can
apply to >= 2.6.25. Let me know if you need a fix for < 2.6.25.

For those new to the conversation, this patch prevents user "foo" from
using the SWAPEXT ioctl to swap a write-only file owned by user "bar"
into a file owned by "foo" and subsequently reading it. It does so by
checking that the file descriptors passed to the ioctl are also opened
for reading. In addition, after swapping, any suid/sgid bits should be
cleared.

-Dan

On Wed, Jun 16, 2010 at 8:11 AM, Christoph Hellwig <hch at infradead.org> wrote:
> Dan, can you please send your fixes to the XFS list so that we can
> include them?
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xfs-swapext-ioctl.patch
Type: text/x-patch
Size: 1075 bytes
Desc: not available
URL: <http://oss.sgi.com/pipermail/xfs/attachments/20100616/d6c2f20b/attachment.patch>
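
The two checks described in the message, modelled in userspace C as an added illustration; this is not the scrubbed attachment and not kernel code. All function names are hypothetical, and requiring write access alongside read is an assumption drawn from the word "also" in the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 only if fd is open for reading AND writing. */
static int fd_is_read_write(int fd)
{
    int flags = fcntl(fd, F_GETFL);
    if (flags == -1)
        return 0;                       /* invalid descriptor: refuse */
    return (flags & O_ACCMODE) == O_RDWR;
}

/* Hypothetical gate: both descriptors must qualify, otherwise a caller
 * could swap in data it was never allowed to read. */
int swap_fds_permitted(int fd, int tmp_fd)
{
    return fd_is_read_write(fd) && fd_is_read_write(tmp_fd);
}

/* Hypothetical helper: file mode with setuid/setgid dropped after a swap. */
mode_t mode_after_swap(mode_t mode)
{
    return mode & ~(mode_t)(S_ISUID | S_ISGID);
}

/* Constructed scenario: bit 1 = verdict for a (read-write, write-only)
 * pair, bit 0 = verdict for a (read-write, read-write) pair. */
int demo_check(void)
{
    char path[] = "/tmp/swapext-demo-XXXXXX";
    int rw = mkstemp(path);             /* mkstemp opens O_RDWR */
    if (rw < 0)
        return -1;
    int wo = open(path, O_WRONLY);      /* stands in for the write-only fd */
    int rw2 = open(path, O_RDWR);
    int result = -1;
    if (wo >= 0 && rw2 >= 0)
        result = (swap_fds_permitted(rw, wo) << 1) | swap_fds_permitted(rw, rw2);
    if (wo >= 0) close(wo);
    if (rw2 >= 0) close(rw2);
    close(rw);
    unlink(path);
    return result;
}

int main(void) { return demo_check() == 1 ? 0 : 1; }
```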