[PATCH v2 1/2] vfs: block chmod of symlinks
From: Rich Felker
Date: Tue Sep 15 2020 - 20:23:09 EST
It was discovered while implementing userspace emulation of fchmodat
AT_SYMLINK_NOFOLLOW (using O_PATH and procfs magic symlinks; otherwise
it's not possible to target symlinks with chmod operations) that some
filesystems erroneously allow access mode of symlinks to be changed,
but return failure with EOPNOTSUPP (see glibc issue #14578 and commit
a492b1e5ef). This inconsistency is non-conforming and wrong, and the
consensus seems to be that it was unintentional to allow link modes to
be changed in the first place.
Signed-off-by: Rich Felker <dalias@xxxxxxxx>
---
fs/open.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/open.c b/fs/open.c
index 9af548fb841b..cdb7964aaa6e 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -570,6 +570,12 @@ int chmod_common(const struct path *path, umode_t mode)
struct iattr newattrs;
int error;
+ /* Block chmod from getting to fs layer. Ideally the fs would either
+ * allow it or fail with EOPNOTSUPP, but some are buggy and return
+ * an error but change the mode, which is non-conforming and wrong. */
+ if (S_ISLNK(inode->i_mode))
+ return -EOPNOTSUPP;
+
error = mnt_want_write(path->mnt);
if (error)
return error;
--
2.21.0