diff options
author | Eugene Teo <eteo@redhat.com> | 2008-10-07 09:45:11 +0800 |
---|---|---|
committer | Willy Tarreau <w@1wt.eu> | 2008-11-08 11:12:15 +0100 |
commit | 97cbd351f747cef3a0789d28f9bc7ddc345341da (patch) | |
tree | 3d12cd494062630f7076fd241b6d9bddc7586afa | |
parent | 5cb040bdb01e18a59837365ddd65c2e788d01e86 (diff) | |
download | linux-2.4-97cbd351f747cef3a0789d28f9bc7ddc345341da.tar.gz |
Remove suid/sgid bits on truncate() (CVE-2008-4210)
Hi Willy,
I noticed that CVE-2008-4210 is missing from the linux-2.4.git tree.
Don (cc'ed) proposed this:
Cc: Don Howard <dhoward@redhat.com>
Test-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit ead60d38671fb5a0aa5e4f04dbc61736f2d9461f)
-rw-r--r-- | fs/open.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/open.c b/fs/open.c index 512b60f58de3ff..ca470866e3c983 100644 --- a/fs/open.c +++ b/fs/open.c @@ -109,6 +109,8 @@ int do_truncate(struct dentry *dentry, loff_t length) down(&inode->i_sem); newattrs.ia_size = length; newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME; + /* Remove suid/sgid on truncate too */ + remove_suid(inode); error = notify_change(dentry, &newattrs); up(&inode->i_sem); up_write(&inode->i_alloc_sem); |