<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/git/stable/linux.git/fs/afs/security.c, branch linux-4.13.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<id>https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-4.13.y</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-4.13.y'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/'/>
<updated>2017-07-09T21:40:12+00:00</updated>
<entry>
<title>afs: Ignore AFS_ACE_READ and AFS_ACE_WRITE for directories</title>
<updated>2017-07-09T21:40:12+00:00</updated>
<author>
<name>Marc Dionne</name>
<email>marc.dionne@auristor.com</email>
</author>
<published>2017-07-06T14:50:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fd2498211a551fd42b2d6b9050d649d43536e75c'/>
<id>urn:sha1:fd2498211a551fd42b2d6b9050d649d43536e75c</id>
<content type='text'>
The AFS_ACE_READ and AFS_ACE_WRITE permission bits should not
be used to make access decisions for the directory itself.  They
are meant to control access for the objects contained in that
directory.

Reading a directory is allowed if the AFS_ACE_LOOKUP bit is set.
This would cause an incorrect access denied error for a directory
with AFS_ACE_LOOKUP but not AFS_ACE_READ.

The AFS_ACE_WRITE bit does not allow operations that modify the
directory.  For a directory with AFS_ACE_WRITE but neither
AFS_ACE_INSERT nor AFS_ACE_DELETE, this would result in trying
operations that would ultimately be denied by the server.

Signed-off-by: Marc Dionne &lt;marc.dionne@auristor.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>afs: security: Replace rcu_assign_pointer() with RCU_INIT_POINTER()</title>
<updated>2017-03-16T16:27:45+00:00</updated>
<author>
<name>Andreea-Cristina Bernat</name>
<email>bernat.ada@gmail.com</email>
</author>
<published>2017-03-16T16:27:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=df8a09d1b8f9e693ec3f6b7e0162fc817f2cf0db'/>
<id>urn:sha1:df8a09d1b8f9e693ec3f6b7e0162fc817f2cf0db</id>
<content type='text'>
The use of "rcu_assign_pointer()" is NULLing out the pointer.
According to RCU_INIT_POINTER()'s block comment:
"1.   This use of RCU_INIT_POINTER() is NULLing out the pointer"
it is better to use it instead of rcu_assign_pointer() because it has a
smaller overhead.

The following Coccinelle semantic patch was used:
@@
@@

- rcu_assign_pointer
+ RCU_INIT_POINTER
  (..., NULL)

Signed-off-by: Andreea-Cristina Bernat &lt;bernat.ada@gmail.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>afs: Adjust mode bits processing</title>
<updated>2017-03-16T16:27:44+00:00</updated>
<author>
<name>Marc Dionne</name>
<email>marc.dionne@auristor.com</email>
</author>
<published>2017-03-16T16:27:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=627f46943ff90bcc32ddeb675d881c043c6fa2ae'/>
<id>urn:sha1:627f46943ff90bcc32ddeb675d881c043c6fa2ae</id>
<content type='text'>
Mode bits for an afs file should not be enforced in the usual
way.

For files, the absence of user bits can restrict file access
with respect to what is granted by the server.

These bits apply regardless of the owner or the current uid; the
rest of the mode bits (group, other) are ignored.

Signed-off-by: Marc Dionne &lt;marc.dionne@auristor.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>-&gt;permission() sanitizing: don't pass flags to -&gt;permission()</title>
<updated>2011-07-20T05:43:24+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2011-06-20T23:28:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=10556cb21a0d0b24d95f00ea6df16f599a3345b2'/>
<id>urn:sha1:10556cb21a0d0b24d95f00ea6df16f599a3345b2</id>
<content type='text'>
not used by the instances anymore.

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>-&gt;permission() sanitizing: don't pass flags to generic_permission()</title>
<updated>2011-07-20T05:43:22+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2011-06-20T23:16:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2830ba7f34ebb27c4e5b8b6ef408cd6d74860890'/>
<id>urn:sha1:2830ba7f34ebb27c4e5b8b6ef408cd6d74860890</id>
<content type='text'>
redundant; all callers get it duplicated in mask &amp; MAY_NOT_BLOCK and none of
them removes that bit.

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>kill check_acl callback of generic_permission()</title>
<updated>2011-07-20T05:43:16+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2011-06-20T15:31:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=178ea73521d64ba41d7aa5488fb9f549c6d4507d'/>
<id>urn:sha1:178ea73521d64ba41d7aa5488fb9f549c6d4507d</id>
<content type='text'>
its value depends only on inode and does not change; we might as
well store it in -&gt;i_op-&gt;check_acl and be done with that.

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>fs: provide rcu-walk aware permission i_ops</title>
<updated>2011-01-07T06:50:29+00:00</updated>
<author>
<name>Nick Piggin</name>
<email>npiggin@kernel.dk</email>
</author>
<published>2011-01-07T06:49:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b74c79e99389cd79b31fcc08f82c24e492e63c7e'/>
<id>urn:sha1:b74c79e99389cd79b31fcc08f82c24e492e63c7e</id>
<content type='text'>
Signed-off-by: Nick Piggin &lt;npiggin@kernel.dk&gt;
</content>
</entry>
<entry>
<title>AFS: Potential null dereference</title>
<updated>2010-03-22T16:57:19+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>error27@gmail.com</email>
</author>
<published>2010-03-22T13:07:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=99b437a9257cb6b267bf32adfb7675948dc6d485'/>
<id>urn:sha1:99b437a9257cb6b267bf32adfb7675948dc6d485</id>
<content type='text'>
It seems clear from the surrounding code that xpermits is allowed to be
NULL here.

Signed-off-by: Dan Carpenter &lt;error27@gmail.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
</entry>
<entry>
<title>[PATCH] sanitize -&gt;permission() prototype</title>
<updated>2008-07-27T00:53:14+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2008-07-16T01:03:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e6305c43eda10ebfd2ad9e35d6e172ccc7bb3695'/>
<id>urn:sha1:e6305c43eda10ebfd2ad9e35d6e172ccc7bb3695</id>
<content type='text'>
* kill nameidata * argument; map the 3 bits in -&gt;flags anybody cares
  about to new MAY_... ones and pass with the mask.
* kill redundant gfs2_iop_permission()
* sanitize ecryptfs_permission()
* fix remaining places where -&gt;permission() instances might barf on new
  MAY_... found in mask.

The obvious next target in that direction is permission(9)

folded fix for nfs_permission() breakage from Miklos Szeredi &lt;mszeredi@suse.cz&gt;

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
</entry>
<entry>
<title>fs/afs/security.c: fix uninitialized var warning</title>
<updated>2008-02-08T17:22:36+00:00</updated>
<author>
<name>Andrew Morton</name>
<email>akpm@linux-foundation.org</email>
</author>
<published>2008-02-08T12:20:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=69759454873fd90130007bdb60948a79e880cd82'/>
<id>urn:sha1:69759454873fd90130007bdb60948a79e880cd82</id>
<content type='text'>
fs/afs/security.c: In function 'afs_permission':
fs/afs/security.c:290: warning: 'access' may be used uninitialized in this function

Cc: David Howells &lt;dhowells@redhat.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
</entry>
</feed>
