From 25aa73df408537bcdbfcafd08ee2696b0db90edc Mon Sep 17 00:00:00 2001 From: Andrew Morton Date: Sat, 17 Apr 2004 03:29:22 -0700 Subject: [PATCH] [PATCH] mqueue permission fix From: Manfred Spraul Any user can delete any entries in a mqueue mounted filesystem. The attached patch prevents that. - remove the writable test from mq_unlink. - set the sticky bit in the root inode. This affects both mq_unlink and sys_unlink: only the owner (and root) should be allowed to remove queues. --- ipc/mqueue.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 72f74d564f9b..8c54e3e81d22 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -153,7 +153,7 @@ static int mqueue_fill_super(struct super_block *sb, void *data, int silent) sb->s_magic = MQUEUE_MAGIC; sb->s_op = &mqueue_super_ops; - inode = mqueue_get_inode(sb, S_IFDIR | S_IRWXUGO); + inode = mqueue_get_inode(sb, S_IFDIR | S_ISVTX | S_IRWXUGO); if (!inode) return -ENOMEM; @@ -685,10 +685,6 @@ asmlinkage long sys_mq_unlink(const char __user *u_name) goto out_err; } - if (permission(dentry->d_inode, MAY_WRITE, NULL)) { - err = -EACCES; - goto out_err; - } inode = dentry->d_inode; if (inode) atomic_inc(&inode->i_count); -- 2.39.5