Quoting Trond Myklebust ([email protected]):
> On Tue, 2007-08-07 at 17:17 -0500, Serge E. Hallyn wrote:
>
> > diff --git a/fs/splice.c b/fs/splice.c
> > index e36c003..2df95f3 100644
> > --- a/fs/splice.c
> > +++ b/fs/splice.c
> > @@ -827,6 +827,12 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
> > ssize_t ret;
> > int err;
> >
> > + mutex_lock(&inode->i_mutex);
> > + err = security_inode_killpriv(out->f_path.dentry);
> > + mutex_unlock(&inode->i_mutex);
> > + if (err)
> > + return err;
>
> You are unconditionally taking the i_mutex whether or not you actually
> have any capabilities to remove. Normally, removing capabilities due to
> a write is something which occurs once every blue moon. Can't you
> introduce a heuristic along the lines of should_remove_suid() in order
> to optimise away the common case?
Yeah, I did that in v1, but didn't want to add two new security_ hooks.
But I'll send a v4 doing that.
> In addition, if you need to remove both the capabilities and the suid
> bits, then it should be unnecessary to take the i_mutex twice.
Good point, I'll consolidate those.
> > +
> > err = should_remove_suid(out->f_path.dentry);
> > if (unlikely(err)) {
> > mutex_lock(&inode->i_mutex);
>
> Trond
thanks,
-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
