[hurd] 40/87: libdiskfs: add permission check to file_chflags

[Samuel Thibault]

This is an automated email from the git hooks/post-receive script.

sthibault pushed a commit to branch upstream
in repository hurd.

commit 944cfdbe6cff4e8025a730228b48c1a21b4a2e33
Author: Justus Winter <address@hidden>
Date:   Tue Jun 10 14:22:31 2014 +0200

    libdiskfs: add permission check to file_chflags
    
    Only root is allowed to change the high 16 bits.  The TODO entry says
    otherwise, but that must be a mistake.  For reference, see the glibc
    sources, sysdeps/mach/hurd/bits/stat.h.
    
    * libdiskfs/file-chflags.c (diskfs_S_file_chflags): Add permission
    check.
    * TODO (libdiskfs): Remove entry.
---
 TODO                     | 2 --
 libdiskfs/file-chflags.c | 8 ++++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/TODO b/TODO
index d2500dc..0387e9f 100644
--- a/TODO
+++ b/TODO
@@ -108,8 +108,6 @@ See `tasks', the exported task list.
    Rename the rest to libhurdutil or somesuch.
 
 ** libdiskfs
-*** file_chflags does not do proper permission checking (non-root isn't
-    supposed to be able to change the low bits)
 *** Add the short-circuited-but-not-builtin translator startup code from
     dir-lookup to fsys_getroot.  Compare and match carefully these two
     routines and then share common code.
diff --git a/libdiskfs/file-chflags.c b/libdiskfs/file-chflags.c
index 01dc495..a29ff07 100644
--- a/libdiskfs/file-chflags.c
+++ b/libdiskfs/file-chflags.c
@@ -23,8 +23,15 @@ kern_return_t
 diskfs_S_file_chflags (struct protid *cred,
                      int flags)
 {
+#define HI(X)  ((X) & 0xffff0000u)
   CHANGE_NODE_FIELD (cred,
                   ({
+                     /* Only root is allowed to change the high 16
+                        bits.  */
+                     if ((HI (flags) != HI (np->dn_stat.st_flags))
+                         && ! idvec_contains (cred->user->uids, 0))
+                       return EPERM;
+
                     err = fshelp_isowner (&np->dn_stat, cred->user);
                     if (!err)
                       err = diskfs_validate_flags_change (np, flags);
@@ -37,4 +44,5 @@ diskfs_S_file_chflags (struct protid *cred,
                       diskfs_notice_filechange(np, FILE_CHANGED_META, 
                                                0, 0);
                   }));
+#undef HI
 }

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-hurd/hurd.git