[vhffs-dev] [1869] added TuxFamily Linux kernel patch against Linux 2.6.39

[ Thread Index | Date Index | More vhffs.org/vhffs-dev Archives ]


Revision: 1869
Author:   gradator
Date:     2011-06-04 22:50:19 +0200 (Sat, 04 Jun 2011)
Log Message:
-----------
added TuxFamily Linux kernel patch against Linux 2.6.39

Added Paths:
-----------
    trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.2-2.6.39.patch

Added: trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.2-2.6.39.patch
===================================================================
--- trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.2-2.6.39.patch	                        (rev 0)
+++ trunk/vhffs-packages/patches/tfsyscall/tfsyscall-0.2.2-2.6.39.patch	2011-06-04 20:50:19 UTC (rev 1869)
@@ -0,0 +1,160 @@
+diff -Nru a/fs/namei.c b/fs/namei.c
+--- a/fs/namei.c	2011-06-01 22:38:44.000000000 +0200
++++ b/fs/namei.c	2011-06-01 22:37:57.000000000 +0200
+@@ -2029,6 +2029,13 @@
+ 		return -EACCES;	/* shouldn't it be ENOSYS? */
+ 	mode &= S_IALLUGO;
+ 	mode |= S_IFREG;
++	// TF PATCH: forces 00400, clear 07002
++	if( current_uid() >= 10000 && current_gid() >= 10000 ) {
++		mode &= ~07002;
++		mode |= 00400;
++	}
++	// TF PATCH: END
++
+ 	error = security_inode_create(dir, dentry, mode);
+ 	if (error)
+ 		return error;
+@@ -2658,6 +2665,13 @@
+ 		return -EPERM;
+ 
+ 	mode &= (S_IRWXUGO|S_ISVTX);
++	// TF PATCH: forces 02700, clear 05002
++	if( current_uid() >= 10000 && current_gid() >= 10000 ) {
++		mode &= ~05002;
++		mode |= 02700;
++	}
++	// TF PATCH: END
++
+ 	error = security_inode_mkdir(dir, dentry, mode);
+ 	if (error)
+ 		return error;
+diff -Nru a/fs/open.c b/fs/open.c
+--- a/fs/open.c	2011-06-01 22:38:44.000000000 +0200
++++ b/fs/open.c	2011-06-01 22:37:57.000000000 +0200
+@@ -512,6 +512,18 @@
+ 		goto out_unlock;
+ 	}
+ 
++	// TF PATCH: forces 02700 on dir, 00400 on files, remove 05002 on dir, remove 07002 on files
++	if( inode->i_uid >= 10000 && inode->i_gid >= 10000 ) {
++		if( S_ISREG(inode->i_mode) ) {
++			mode &= ~07002;
++			mode |= 00400;
++		} else if ( S_ISDIR(inode->i_mode) ) {
++			mode &= ~05002;
++			mode |= 02700;
++		}
++	}
++	// TF PATCH: end
++
+ 	newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
+ 	newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
+ 	err = notify_change(dentry, &newattrs);
+@@ -553,6 +565,18 @@
+ 	if (mode == (mode_t) -1)
+ 		mode = inode->i_mode;
+ 
++	// TF PATCH: forces 02700 on dir, 00400 on files, remove 05002 on dir, remove 07002 on files
++	if( inode->i_uid >= 10000 && inode->i_gid >= 10000 ) {
++		if( S_ISREG(inode->i_mode) ) {
++			mode &= ~07002;
++			mode |= 00400;
++		} else if ( S_ISDIR(inode->i_mode) ) {
++			mode &= ~05002;
++			mode |= 02700;
++		}
++	}
++	// TF PATCH: end
++
+ 	if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) {
+ 		error = -EACCES;
+ 		goto out_unlock;
+@@ -1044,7 +1068,7 @@
+ }
+ EXPORT_SYMBOL(file_open_root);
+ 
+-long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++long old_do_sys_open(int dfd, const char __user *filename, int flags, int mode)
+ {
+ 	struct open_flags op;
+ 	int lookup = build_open_flags(flags, mode, &op);
+@@ -1071,6 +1095,78 @@
+ 	return fd;
+ }
+ 
++long do_sys_open(int dfd, const char __user *filename, int flags, int mode)
++{
++	long fd;
++	struct file *f;
++	struct dentry *d;
++	struct inode *inode;
++	struct group_info *gi;
++	long ngroups,i,j;
++
++	fd = old_do_sys_open( dfd , filename , flags , mode );
++
++// TF PATCH: enforce group permission, disallow groups to open files of other groups
++	if( fd < 0 )
++		return fd;
++
++	if( current_uid() < 10000 && current_gid() < 10000 )
++		return fd;
++
++	f = fget( fd );
++	if( f == NULL )  {
++		sys_close( fd );
++		return -EACCES;
++	}
++
++	d = f->f_dentry;
++	if( d == NULL )  {
++		fput( f );
++		sys_close( fd );
++		return -EACCES;
++	}
++
++	inode = d->d_inode;
++	if( inode == NULL )  {
++		fput( f );
++		sys_close( fd );
++		return -EACCES;
++	}
++
++	/* allow open() on system files */
++	if( inode->i_uid < 10000 && inode->i_gid < 10000 )  {
++		fput( f );
++		return fd;
++	}
++
++	/* allow open() if the user or group of file is either the current user or the current group */
++	if( inode->i_gid == current_gid() || inode->i_uid == current_uid() )  {
++		fput( f );
++		return fd;
++	}
++
++	/* if not check if the file belong to one of the user group */
++	gi = get_current_groups();
++	ngroups = gi->ngroups;
++	for( i = 0 ; i < gi->nblocks ; i++)  {
++		long cp_count = min( (long)NGROUPS_PER_BLOCK, ngroups );
++		for( j = 0 ; j < cp_count ; j++ )  {
++			if( gi->blocks[i][j] == inode->i_gid )  {
++				put_group_info( gi );
++				fput( f );
++				return fd;
++			}
++		}
++		ngroups -= NGROUPS_PER_BLOCK;
++	}
++	put_group_info( gi );
++
++	fput( f );
++	sys_close( fd );
++	return -EACCES;
++// TF PATCH: end
++}
++
+ SYSCALL_DEFINE3(open, const char __user *, filename, int, flags, int, mode)
+ {
+ 	long ret;


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/