Sophie

kernel-2.6.18-238.el5.src.rpm

From: Eric Sandeen <sandeen@redhat.com>
Date: Mon, 7 Jun 2010 18:32:57 -0400
Subject: [fs] ext4: MOVE_EXT can't overwrite append-only files
Message-id: <4C0D3B59.5010905@redhat.com>
Patchwork-id: 25995
O-Subject: [PATCH RHEL5.6] ext4: Make sure the MOVE_EXT ioctl can't overwrite
	append-only files
Bugzilla: 601008
CVE: CVE-2010-2066
RH-Acked-by: Robert S Peterson <rpeterso@redhat.com>
RH-Acked-by: Jiri Olsa <jolsa@redhat.com>

This is for bug #601008, and is a backport of a trivial upstream commit
resolving a security issue.

Thanks,
-Eric

From: Theodore Ts'o <tytso@mit.edu>
Date: Thu, 3 Jun 2010 02:04:39 +0000 (-0400)
Subject: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files
X-Git-Tag: v2.6.35-rc2~22~1
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72

ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files

Dan Rosenberg has reported a problem with the MOVE_EXT ioctl.  If the
donor file is an append-only file, we should not allow the operation
to proceed, lest we end up overwriting the contents of an append-only
file.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Signed-off-by: Jarod Wilson <jarod@redhat.com>

diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c
index da0506b..077e05d 100644
--- a/fs/ext4/move_extent.c
+++ b/fs/ext4/move_extent.c
@@ -993,6 +993,9 @@ mext_check_arguments(struct inode *orig_inode,
 		return -EINVAL;
 	}
 
+	if (IS_IMMUTABLE(donor_inode) || IS_APPEND(donor_inode))
+		return -EPERM;
+
 	/* Ext4 move extent does not support swapfile */
 	if (IS_SWAPFILE(orig_inode) || IS_SWAPFILE(donor_inode)) {
 		ext4_debug("ext4 move extent: The argument files should "
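
Review bot: the new IS_IMMUTABLE/IS_APPEND test in mext_check_arguments() looks only at donor_inode, and nothing in the visible context applies the same test to orig_inode, which takes part in the same operation. Please confirm that orig_inode is already guarded elsewhere, or extend the condition to cover both inodes. The check also returns -EPERM with no comment and no ext4_debug() message, unlike the swapfile check directly below it; a one-line comment such as "/* Donor must not be immutable or append-only */" and a debug message in the same style as the neighbouring checks would make the rejection easier to diagnose.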