| Revision | ead60d38671fb5a0aa5e4f04dbc61736f2d9461f (tree) |
|---|---|
| Time | 2008-10-20 06:07:14 |
| Author | Eugene Teo <eteo@redh...> |
| Commiter | Willy Tarreau |
Remove suid/sgid bits on truncate() (CVE-2008-4210)
Hi Willy,
I noticed that CVE-2008-4210 is missing from the linux-2.4.git tree.
Don (cc'ed) proposed this:
Cc: Don Howard <dhoward@redhat.com>
Test-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Willy Tarreau <w@1wt.eu>
| @@ -109,6 +109,8 @@ int do_truncate(struct dentry *dentry, loff_t length) | ||
| 109 | 109 | down(&inode->i_sem); |
| 110 | 110 | newattrs.ia_size = length; |
| 111 | 111 | newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; |
| 112 | + /* Remove suid/sgid on truncate too */ | |
| 113 | + remove_suid(inode); | |
| 112 | 114 | error = notify_change(dentry, &newattrs); |
| 113 | 115 | up(&inode->i_sem); |
| 114 | 116 | up_write(&inode->i_alloc_sem); |
Linux Kernel Documents
Fork
fs/open.c