1 |
1275 |
phoenix |
Mon Oct 24 23:27:42 1994 Theodore Y. Ts'o (tytso@rt-11)
|
2 |
|
|
|
3 |
|
|
* fcntl.c (sys_fcntl): Liberalize security checks which Alan Cox
|
4 |
|
|
put in.
|
5 |
|
|
|
6 |
|
|
Thu Oct 20 23:44:22 1994 Theodore Y. Ts'o (tytso@rt-11)
|
7 |
|
|
|
8 |
|
|
* fcntl.c (sys_fcntl): Add more of a security check to the
|
9 |
|
|
F_SETOWN fcntl().
|
10 |
|
|
|
11 |
|
|
[Tons of changes missed, indeed. This list is worth restarting since
|
12 |
|
|
at least some fixes WILL break third-party filesystems. Sorry, but
|
13 |
|
|
there was no other way to fix rmdir/rename deadlock, for one.]
|
14 |
|
|
|
15 |
|
|
Wed Dec 2 (Linus, fill the rest, please)
|
16 |
|
|
|
17 |
|
|
* namei.c (do_rmdir) and rmdir method in filesystems:
|
18 |
|
|
Locking of directory we remove was taken to VFS.
|
19 |
|
|
See comments in do_rmdir(). Unfixed filesystems
|
20 |
|
|
will bloody likely deadlock in rmdir().
|
21 |
|
|
|
22 |
|
|
Thu Dec 3 17:25:31 1998 Al Viro (viro@math.psu.edu)
|
23 |
|
|
|
24 |
|
|
* namei.c (do_rmdir):
|
25 |
|
|
Reject non-directories here.
|
26 |
|
|
Two (probably) obsolete checks moved here too: we fail if
|
27 |
|
|
the directory we remove is the same as parent (BUG: we
|
28 |
|
|
serve mountpoints later) or if it lives on a different
|
29 |
|
|
device.
|
30 |
|
|
* sysv/namei.c (sysv_rmdir): See sysv/CHANGES
|
31 |
|
|
|
32 |
|
|
Fri Dec 4 00:54:12 1998 AV
|
33 |
|
|
|
34 |
|
|
* namei.c (check_sticky): New function check_sticky(dir, inode).
|
35 |
|
|
If dir is sticky check whether we can unlink/rmdir/rename
|
36 |
|
|
the inode. Returns 1 if we can't. If dir isn't sticky -
|
37 |
|
|
return 0 (i.e. no objections). Some filesystems require
|
38 |
|
|
suser() here; some are fine with CAP_FOWNER. The later
|
39 |
|
|
seems more reasonable.
|
40 |
|
|
* namei.c (do_rmdir):
|
41 |
|
|
Moved the check for sticky bit here.
|
42 |
|
|
* affs/{inode,namei}.c:
|
43 |
|
|
All AFFS directories have sticky semantics (i.e. non-owner
|
44 |
|
|
having write permisssions on directory can unlink/rmdir/rename
|
45 |
|
|
only the files he owns), but AFFS didn't set S_ISVTX on them.
|
46 |
|
|
Fixed. NB: maybe this behaviour should be controlled by mount
|
47 |
|
|
option. Obvious values being 'sticky' (current behaviour),
|
48 |
|
|
'nonsticky' (normal behaviour) and maybe some play on 'D'
|
49 |
|
|
permissions bit. FIXME.
|
50 |
|
|
* qnx4/namei.c (qnx4_rmdir):
|
51 |
|
|
Plugged inode leak.
|
52 |
|
|
* ufs/namei.c (ufs_rmdir):
|
53 |
|
|
Changed handling of busy directory to new scheme.
|
54 |
|
|
|
55 |
|
|
Fri Dec 4 10:30:58 1998 AV
|
56 |
|
|
|
57 |
|
|
* namei.c (VFS_rmdir): New function. It gets inode of the parent and
|
58 |
|
|
dentry of the victim, does all checks and applies fs-specific
|
59 |
|
|
rmdir() method. It should be called with semaphores down
|
60 |
|
|
on both the victim and its parent and with bumped d_count on
|
61 |
|
|
victim (see comments in do_rmdir).
|
62 |
|
|
* include/linux/fs.h: Added VFS_rmdir
|
63 |
|
|
* kernel/ksyms.c: Added VFS_rmdir to export list (for NFSD).
|
64 |
|
|
* nfsd/vfs.c: Fixed rmdir handling.
|
65 |
|
|
|
66 |
|
|
Tue Dec 8 05:55:08 1998 AV
|
67 |
|
|
* vfat/namei.c: Fixed the bug in vfat_rename() introduced in the
|
68 |
|
|
first round of rmdir fixes.
|
69 |
|
|
|
70 |
|
|
Wed Dec 9 03:06:10 1998 AV
|
71 |
|
|
* namei.c (do_rename): part of fs-independent checks had been moved
|
72 |
|
|
here (sticky bit handling, type mismatches). Cases of
|
73 |
|
|
the source or target being append-only or immutable also went
|
74 |
|
|
here - if we check it for parent we could as well do it for
|
75 |
|
|
children.
|
76 |
|
|
* {affs,ext2,minix,sysv,ufs}/namei.c (do_*_rename):
|
77 |
|
|
Removed tests that went to VFS, it simplified the code big way.
|
78 |
|
|
Fixed a race in check for empty target - we should check for
|
79 |
|
|
extra owners _before_ checking for emptiness, not after it.
|
80 |
|
|
* {ext2,ufs}/namei.c (do_*_rename):
|
81 |
|
|
VERY nasty bug shot: if somebody mkdired /tmp/cca01234, went
|
82 |
|
|
there, rmdired '.', waited till somebody created a file with
|
83 |
|
|
the same name and said mv . /tmp/goodbye_sticky_bit... Well,
|
84 |
|
|
goodbye sticky bit. Down, not across!
|
85 |
|
|
* {minix,sysv}/namei.c (do_*_rename):
|
86 |
|
|
Incorrect check for other owners (i_count instead of d_count).
|
87 |
|
|
Fixed.
|
88 |
|
|
* vfat: Looks like the changes above fixed a bug in VFAT - this beast
|
89 |
|
|
used to allow renaming file over directory and vice versa.
|
90 |
|
|
|
91 |
|
|
Wed Dec 9 08:00:27 1998 AV
|
92 |
|
|
* namei.c (VFS_rename): New function. It gets the same arguments as
|
93 |
|
|
->rename() method, does all checks and applies fs-specific
|
94 |
|
|
rmdir() method. It should be called with semaphores down
|
95 |
|
|
on both parents.
|
96 |
|
|
* include/linux/fs.h: Added VFS_rename
|
97 |
|
|
* kernel/ksyms.c: Added VFS_rename to export list (for NFSD).
|
98 |
|
|
* nfsd/vfs.c: Changed rename handling (switched to VFS_rename).
|
99 |
|
|
|
100 |
|
|
Wed Dec 9 18:16:27 1998 AV
|
101 |
|
|
* namei.c (do_unlink): handling of sticky bit went here.
|
102 |
|
|
* {affs,ext2,minix,qnx4,sysv,ufs}/namei.c (*_unlink):
|
103 |
|
|
removed handling of sticky bit.
|
104 |
|
|
* qnx4/namei.c (qnx4_unlink):
|
105 |
|
|
Yet another inode leak. Fixed.
|
106 |
|
|
|
107 |
|
|
Thu Dec 10 04:55:26 1998 AV
|
108 |
|
|
* {ext2,minix,sysv,ufs}/namei.c (*_mknod):
|
109 |
|
|
removed meaningless code handling attempts to mknod symlinks
|
110 |
|
|
and directories. VFS protects us from _that_ and if this code
|
111 |
|
|
would ever be called we'ld get a filesystem corruption.
|
112 |
|
|
|
113 |
|
|
Thu Dec 10 16:58:50 1998 AV
|
114 |
|
|
* namei.c (do_rename): Fixed dentry leak that had been introduced by
|
115 |
|
|
the first round of rmdir fixes.
|
116 |
|
|
|
117 |
|
|
Fri Dec 11 14:57:17 1998 AV
|
118 |
|
|
* msdos/namei.c (msdos_rmdir): Fixed race in emptiness check.
|
119 |
|
|
|
120 |
|
|
Sat Dec 12 19:59:57 1998 AV
|
121 |
|
|
* msdos/namei.c (msdos_mkdir): Fixed the evil breakage introduced by
|
122 |
|
|
the changes of rmdir locking scheme. We shouldn't call
|
123 |
|
|
msdos_rmdir from there.
|
124 |
|
|
|
125 |
|
|
Sun Dec 13 02:05:16 1998 AV
|
126 |
|
|
* namei.c (do_unlink):
|
127 |
|
|
Added new function: vfs_unlink, with the same arguments as
|
128 |
|
|
->unlink() method.
|
129 |
|
|
* kernel/ksyms.c: Made it exported.
|
130 |
|
|
* include/linux/fs.h: Added prototype.
|
131 |
|
|
* nfsd/vfs.c: Changed handling of unlink (switched to vfs_unlink)
|
132 |
|
|
* {ext2,ufs}/namei.c (*_unlink): moved handling of imm./append-only to
|
133 |
|
|
VFS.
|
134 |
|
|
|
135 |
|
|
Wed Dec 16 06:10:04 1998 AV
|
136 |
|
|
* namei.c (may_create, may_delete): New inline functions.
|
137 |
|
|
They check whether creation/deletion is permitted.
|
138 |
|
|
Checks from other places of namei.c went there.
|
139 |
|
|
Looks like originally I misread permission-related stuff
|
140 |
|
|
both here and in nfsd. In particular, checks for
|
141 |
|
|
immutable are done in permission(). D'oh.
|
142 |
|
|
* unlink on directory should return -EISDIR, not -EPERM as it used to
|
143 |
|
|
do. Fixed.
|
144 |
|
|
* rmdir of immutable/append-only directory shouldn't be allowed. Fixed.
|
145 |
|
|
|
146 |
|
|
Remains unfixed:
|
147 |
|
|
* rename's handling of races is, erm, not optimal. Looks like I know
|
148 |
|
|
what to do, but this thing needs some more cleanup - we can
|
149 |
|
|
take care of almost all races in VFS and be much more graceful
|
150 |
|
|
wrt locking. Moreover, it would give strong lookup atomicity.
|
151 |
|
|
But it's a lot of changes to lookup and dcache code, so it will
|
152 |
|
|
go after the fs drivers' cleanup.
|
153 |
|
|
* affs allows HARD links to directories. VFS is, to put it politely,
|
154 |
|
|
not too ready to cope with _that_. And I'm not sure it should
|
155 |
|
|
be - looks like they are pretty much similar to symlinks.
|
156 |
|
|
* truncate doesn't give a damn about IO errors and disk overflows (on
|
157 |
|
|
braindead filesystems). I've submitted a patch to Linus, but
|
158 |
|
|
looks like it wasn't applied.
|
159 |
|
|
* msdos: shouldn't we treat SYS as IMMUTABLE? Makes sense, IMHO.
|