fuse: fix allowing operations

The following operation didn't check if sending the request was allowed:

  setattr
  listxattr
  statfs

Some other operations don't explicitly do the check, but VFS calls
->permission() which checks this.

Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index d1acab9..b18e06d 100644 (file)
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -721,7 +721,7 @@ static int fuse_refresh_attributes(struct inode *inode)
  * for which the owner of the mount has ptrace privilege.  This
  * excludes processes started by other users, suid or sgid processes.
  */
-static int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task)
+int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task)
 {
        if (fc->flags & FUSE_ALLOW_OTHER)
                return 1;
@@ -1005,6 +1005,9 @@ static int fuse_setattr(struct dentry *entry, struct iattr *attr)
        struct fuse_attr_out outarg;
        int err;
 
+       if (!fuse_allow_task(fc, current))
+               return -EACCES;
+
        if (fc->flags & FUSE_DEFAULT_PERMISSIONS) {
                err = inode_change_ok(inode, attr);
                if (err)
@@ -1172,6 +1175,9 @@ static ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size)
        struct fuse_getxattr_out outarg;
        ssize_t ret;
 
+       if (!fuse_allow_task(fc, current))
+               return -EACCES;
+
        if (fc->no_listxattr)
                return -EOPNOTSUPP;
 

diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 1764506..e7464b8 100644 (file)
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -565,3 +565,8 @@ void fuse_ctl_remove_conn(struct fuse_conn *fc);
  * Is file type valid?
  */
 int fuse_valid_type(int m);
+
+/**
+ * Is task allowed to perform filesystem operation?
+ */
+int fuse_allow_task(struct fuse_conn *fc, struct task_struct *task);

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index fd07357..00bb5a2 100644 (file)
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -287,6 +287,11 @@ static int fuse_statfs(struct dentry *dentry, struct kstatfs *buf)
        struct fuse_statfs_out outarg;
        int err;
 
+       if (!fuse_allow_task(fc, current)) {
+               buf->f_type = FUSE_SUPER_MAGIC;
+               return 0;
+       }
+
        req = fuse_get_req(fc);
        if (IS_ERR(req))
                return PTR_ERR(req);