[vhffs-dev] [1870] Added TuxFamily Linux kernel patch against Linux 2.6.32.41 (longterm ) |
[ Thread Index |
Date Index
| More vhffs.org/vhffs-dev Archives
]
Revision: 1870
Author: gradator
Date: 2011-06-05 19:56:10 +0200 (Sun, 05 Jun 2011)
Log Message:
-----------
Added TuxFamily Linux kernel patch against Linux 2.6.32.41 (longterm)
Added Paths:
-----------
trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.2-2.6.32.41.patch
Added: trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.2-2.6.32.41.patch
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.2-2.6.32.41.patch (rev 0)
+++ trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.2-2.6.32.41.patch 2011-06-05 17:56:10 UTC (rev 1870)
@@ -0,0 +1,160 @@
+diff -Nru a/fs/namei.c b/fs/namei.c
+--- a/fs/namei.c 2011-06-05 17:46:07.000000000 +0000
++++ b/fs/namei.c 2011-06-05 17:40:25.000000000 +0000
+@@ -1525,6 +1525,13 @@
+ return -EACCES; /* shouldn't it be ENOSYS? */
+ mode &= S_IALLUGO;
+ mode |= S_IFREG;
++ // TF PATCH: forces 00400, clear 07002
++ if( current_uid() >= 10000 && current_gid() >= 10000 ) {
++ mode &= ~07002;
++ mode |= 00400;
++ }
++ // TF PATCH: END
++
+ error = security_inode_create(dir, dentry, mode);
+ if (error)
+ return error;
+@@ -2195,6 +2202,13 @@
+ return -EPERM;
+
+ mode &= (S_IRWXUGO|S_ISVTX);
++ // TF PATCH: forces 02700, clear 05002
++ if( current_uid() >= 10000 && current_gid() >= 10000 ) {
++ mode &= ~05002;
++ mode |= 02700;
++ }
++ // TF PATCH: END
++
+ error = security_inode_mkdir(dir, dentry, mode);
+ if (error)
+ return error;
+diff -Nru a/fs/open.c b/fs/open.c
+--- a/fs/open.c 2011-06-05 17:46:07.000000000 +0000
++++ b/fs/open.c 2011-06-05 17:48:30.000000000 +0000
+@@ -659,6 +659,18 @@
+ goto out_unlock;
+ }
+
++ // TF PATCH: forces 02700 on dir, 00400 on files, remove 05002 on dir, remove 07002 on files
++ if( inode->i_uid >= 10000 && inode->i_gid >= 10000 ) {
++ if( S_ISREG(inode->i_mode) ) {
++ mode &= ~07002;
++ mode |= 00400;
++ } else if ( S_ISDIR(inode->i_mode) ) {
++ mode &= ~05002;
++ mode |= 02700;
++ }
++ }
++ // TF PATCH: end
++
+ newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
+ newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
+ err = notify_change(dentry, &newattrs);
+@@ -698,6 +710,18 @@
+ if (mode == (mode_t) -1)
+ mode = inode->i_mode;
+
++ // TF PATCH: forces 02700 on dir, 00400 on files, remove 05002 on dir, remove 07002 on files
++ if( inode->i_uid >= 10000 && inode->i_gid >= 10000 ) {
++ if( S_ISREG(inode->i_mode) ) {
++ mode &= ~07002;
++ mode |= 00400;
++ } else if ( S_ISDIR(inode->i_mode) ) {
++ mode &= ~05002;
++ mode |= 02700;
++ }
++ }
++ // TF PATCH: end
++
+ if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) {
+ error = -EACCES;
+ goto out_unlock;
+@@ -1088,7 +1112,7 @@
+
+ EXPORT_SYMBOL(fd_install);
+
+-long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
+ {
+ char *tmp = getname(filename);
+ int fd = PTR_ERR(tmp);
+@@ -1113,6 +1137,78 @@
+ return fd;
+ }
+
++long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++{
++ long fd;
++ struct file *f;
++ struct dentry *d;
++ struct inode *inode;
++ struct group_info *gi;
++ long ngroups,i,j;
++
++ fd = old_do_sys_open( dfd , filename , flags , mode );
++
++// TF PATCH: enforce group permission, disallow groups to open files of other groups
++ if( fd < 0 )
++ return fd;
++
++ if( current_uid() < 10000 && current_gid() < 10000 )
++ return fd;
++
++ f = fget( fd );
++ if( f == NULL ) {
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ d = f->f_dentry;
++ if( d == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ inode = d->d_inode;
++ if( inode == NULL ) {
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++ }
++
++ /* allow open() on system files */
++ if( inode->i_uid < 10000 && inode->i_gid < 10000 ) {
++ fput( f );
++ return fd;
++ }
++
++ /* allow open() if the user or group of file is either the current user or the current group */
++ if( inode->i_gid == current_gid() || inode->i_uid == current_uid() ) {
++ fput( f );
++ return fd;
++ }
++
++ /* if not check if the file belong to one of the user group */
++ gi = get_current_groups();
++ ngroups = gi->ngroups;
++ for( i = 0 ; i < gi->nblocks ; i++) {
++ long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
++ for( j = 0 ; j < cp_count ; j++ ) {
++ if( gi->blocks[i][j] == inode->i_gid ) {
++ put_group_info( gi );
++ fput( f );
++ return fd;
++ }
++ }
++ ngroups -= NGROUPS_PER_BLOCK;
++ }
++ put_group_info( gi );
++
++ fput( f );
++ sys_close( fd );
++ return -EACCES;
++// TF PATCH: end
++}
++
+ SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, int, mode)
+ {
+ long ret;