On Sun, Jul 08, 2007 at 10:41:46AM -0700, Ulrich Drepper wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Al Viro wrote: > > Like hell. At the very least you want it to be opened for write. > > And even that is dubious, since "process has write access to file" > > is not quite the same thing as "somebody had given the process a > > descriptor opened for write". > > But the real permissions tests are performed in notify_change. I think > all this is consistent with how, for instance, fchmod works. The > additional tests in fchmod which aren't here (IS_RDONLY and IS_APPEND) > would also apply to the case where a file name is given. So, either the > code was inconsistent already are these tests are really not needed.
Yes, it's either that, or you haven't bothered to read what it really does. ATTR_UID et.al. are checked in inode_change_ok(). So is ATTR_MTIME_SET (only owner can explicitly set timestamps). ATTR_MTIME is not and *should* *not* be checked there. Exactly because it's done as a side effect of many operations with access control of their own and nothing that could be pushed down into notify_change() path. Think of e.g. write(2) - by the time you get to notify_change(), you don't even have a file descriptor. Just the dentry and process writing to file doesn't have to have *any* permissions on it. Hell, _try_ it. Build the kernel with your patch and without it. Call utimes() with NULL second argument on a file you have no write access to. See if the timestamps change. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
