On Wed, Aug 02, 2017 at 03:18:27AM -0300, Ernesto A. Fernández wrote: > When changing a file's acl mask, btrfs_set_acl() will first set the > group bits of i_mode to the value of the mask, and only then set the > actual extended attribute representing the new acl. > > If the second part fails (due to lack of space, for example) and the > file had no acl attribute to begin with, the system will from now on > assume that the mask permission bits are actual group permission bits, > potentially granting access to the wrong users. > > Prevent this by restoring the original mode bits if __btrfs_set_acl > fails. > > Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernan...@gmail.com> > --- > Please ignore the two previous versions, this is far simpler and has the > same effect. To Josef Bacik: thank you for your review, I'm sorry I > wasted your time.
This version is much better, starting the transaction would add some overhead and would need to be measured so we have an idea about the impact. Reviewed-by: David Sterba <dste...@suse.com> -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html