Skip to content

Commit

Permalink
Remove redundant check from proc_sys_setattr()
Browse files Browse the repository at this point in the history 
notify_change() already calls security_inode_setattr() before
calling iop->setattr.

Alan sayeth

  This is a behaviour change on all of these and limits some behaviour of
  existing established security modules

  When inode_change_ok is called it has side effects.  This includes
  clearing the SGID bit on attribute changes caused by chmod.  If you make
  this change the results of some rulesets may be different before or after
  the change is made.

  I'm not saying the change is wrong but it does change behaviour so that
  needs looking at closely (ditto all other attribute twiddles)

Signed-off-by: Steve Beattie <sbeattie@suse.de>
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: John Johansen <jjohansen@suse.de>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  • Loading branch information
John Johansen authored and Linus Torvalds committed May 8, 2007
1 parent 1e8123f commit 9d0633c
Showing 1 changed file with 2 additions and 5 deletions.
7 changes: 2 additions & 5 deletions fs/proc/proc_sysctl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -429,11 +429,8 @@ static int proc_sys_setattr(struct dentry *dentry, struct iattr *attr)
return -EPERM;

error = inode_change_ok(inode, attr);
if (!error) {
error = security_inode_setattr(dentry, attr);
if (!error)
error = inode_setattr(inode, attr);
}
if (!error)
error = inode_setattr(inode, attr);

return error;
}
Expand Down

0 comments on commit 9d0633c

Please sign in to comment.