jffs2: Add missing capability check for listing trusted xattrs
authorAndreas Gruenbacher <agruenba@redhat.com>
Sun, 4 Oct 2015 17:18:50 +0000 (19:18 +0200)
committerAl Viro <viro@zeniv.linux.org.uk>
Sat, 14 Nov 2015 01:34:30 +0000 (20:34 -0500)
The vfs checks if a task has the appropriate access for get and set
operations, but it cannot do that for the list operation; the file system
must check for that itself.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: linux-mtd@lists.infradead.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/jffs2/xattr_trusted.c

index ceaf9c693225b44edeb5bb3bddea534c1b62ad51..bbd20c16090ee9074e4dfa71540a17f71f02bd2a 100644 (file)
@@ -39,6 +39,9 @@ static size_t jffs2_trusted_listxattr(struct dentry *dentry, char *list,
 {
        size_t retlen = XATTR_TRUSTED_PREFIX_LEN + name_len + 1;
 
+       if (!capable(CAP_SYS_ADMIN))
+               return 0;
+
        if (list && retlen<=list_size) {
                strcpy(list, XATTR_TRUSTED_PREFIX);
                strcpy(list + XATTR_TRUSTED_PREFIX_LEN, name);