|
@@ -984,13 +984,15 @@ static bool safe_hardlink_source(struct inode *inode)
|
|
|
*/
|
|
|
static int may_linkat(struct path *link)
|
|
|
{
|
|
|
- struct inode *inode;
|
|
|
+ struct inode *inode = link->dentry->d_inode;
|
|
|
+
|
|
|
+ /* Inode writeback is not safe when the uid or gid are invalid. */
|
|
|
+ if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
|
|
|
+ return -EOVERFLOW;
|
|
|
|
|
|
if (!sysctl_protected_hardlinks)
|
|
|
return 0;
|
|
|
|
|
|
- inode = link->dentry->d_inode;
|
|
|
-
|
|
|
/* Source inode owner (or CAP_FOWNER) can hardlink all they like,
|
|
|
* otherwise, it must be a safe source.
|
|
|
*/
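Review bot: The two-line uid/gid guard added at the top of may_linkat() is repeated verbatim in the may_delete() hunk, and its comment in both places does not say why an invalid owner makes the operation unsafe. I would move the test into a single static inline predicate shared by both call sites, so the rule cannot drift between them. The comment could then read something like `/* i_uid/i_gid is not representable (presumably no mapping for the on-disk id); changing the link count dirties the inode and would write that owner back. */`. The guard sits ahead of the `sysctl_protected_hardlinks` test, so it applies even with hardlink protection off; that looks intentional, and the comment could say so. The function's doc comment ends just above the hunk and its body continues below it, so I cannot tell whether the documented return values already cover `-EOVERFLOW`.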
|
|
@@ -2749,6 +2751,11 @@ static int may_delete(struct inode *dir, struct dentry *victim, bool isdir)
|
|
|
BUG_ON(!inode);
|
|
|
|
|
|
BUG_ON(victim->d_parent->d_inode != dir);
|
|
|
+
|
|
|
+ /* Inode writeback is not safe when the uid or gid are invalid. */
|
|
|
+ if (!uid_valid(inode->i_uid) || !gid_valid(inode->i_gid))
|
|
|
+ return -EOVERFLOW;
|
|
|
+
|
|
|
audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE);
|
|
|
|
|
|
error = inode_permission(dir, MAY_WRITE | MAY_EXEC);
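Review bot: The early `return -EOVERFLOW` sits above `audit_inode_child(dir, victim, AUDIT_TYPE_CHILD_DELETE)`, so a delete refused for an invalid uid or gid leaves may_delete() before the victim is recorded for audit. If that ordering is deliberate, a short comment such as `/* Refuse before auditing: nothing is modified on this path. */` would make it clear. Otherwise consider moving the guard below the audit call, so that refused attempts against such inodes stay visible to audit consumers. `-EOVERFLOW` is also a new return value for may_delete(); its callers are outside this hunk, so it is worth confirming that each one passes the error through unchanged. The function starts and ends outside the hunk.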
|