Remove suid/sgid bits on truncate() (CVE-2008-4210)

Hi Willy, I noticed that CVE-2008-4210 is missing from the linux-2.4.git tree. Don (cc'ed) proposed this: Cc: Don Howard <dhoward@redhat.com> Test-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Willy Tarreau <w@1wt.eu> (cherry picked from commit ead60d38671fb5a0aa5e4f04dbc61736f2d9461f)
author: Eugene Teo <eteo@redhat.com> 2008-10-07 09:45:11 +0800
committer: Willy Tarreau <w@1wt.eu> 2008-11-08 11:12:15 +0100
commit: 97cbd351f747cef3a0789d28f9bc7ddc345341da (patch)
tree: 3d12cd494062630f7076fd241b6d9bddc7586afa
parent: 5cb040bdb01e18a59837365ddd65c2e788d01e86 (diff)
download: linux-2.4-97cbd351f747cef3a0789d28f9bc7ddc345341da.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/open.c b/fs/open.c
index 512b60f58de3ff..ca470866e3c983 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -109,6 +109,8 @@ int do_truncate(struct dentry *dentry, loff_t length)
 	down(&inode->i_sem);
 	newattrs.ia_size = length;
 	newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
+	/* Remove suid/sgid on truncate too */
+	remove_suid(inode);
 	error = notify_change(dentry, &newattrs);
 	up(&inode->i_sem);
 	up_write(&inode->i_alloc_sem);
author	Eugene Teo <eteo@redhat.com>	2008-10-07 09:45:11 +0800
committer	Willy Tarreau <w@1wt.eu>	2008-11-08 11:12:15 +0100
commit	97cbd351f747cef3a0789d28f9bc7ddc345341da (patch)
tree	3d12cd494062630f7076fd241b6d9bddc7586afa
parent	5cb040bdb01e18a59837365ddd65c2e788d01e86 (diff)
download	linux-2.4-97cbd351f747cef3a0789d28f9bc7ddc345341da.tar.gz