coreutils/coreutils-acl-extended-file-nofollow.patch

75 lines
2.8 KiB
Diff
Raw Normal View History

From 95f7c57ff4090a5dee062044d2c7b99879077808 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka <at> redhat.com>
Date: Fri, 22 Jul 2011 14:48:42 +0200
Subject: [PATCH] file-has-acl: use acl_extended_file_nofollow if available
* lib/acl-internal.h (HAVE_ACL_EXTENDED_FILE): New macro.
(acl_extended_file): New macro.
* lib/file-has-acl.c (file_has_acl): Use acl_extended_file_nofollow.
* m4/acl.m4 (gl_FUNC_ACL): Check for acl_extended_file_nofollow.
This addresses http://bugzilla.redhat.com/692823.
---
lib/acl-internal.h | 6 ++++++
lib/file-has-acl.c | 10 +++++++++-
m4/acl.m4 | 2 +-
3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/lib/acl-internal.h b/lib/acl-internal.h
index b3160a7..b509666 100644
--- a/lib/acl-internal.h
+++ b/lib/acl-internal.h
@@ -133,6 +133,12 @@ rpl_acl_set_fd (int fd, acl_t acl)
# endif
/* Linux-specific */
+# ifndef HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+# define HAVE_ACL_EXTENDED_FILE_NOFOLLOW false
+# define acl_extended_file_nofollow(name) (-1)
+# endif
+
+/* Linux-specific */
# ifndef HAVE_ACL_FROM_MODE
# define HAVE_ACL_FROM_MODE false
# define acl_from_mode(mode) (NULL)
diff --git a/lib/file-has-acl.c b/lib/file-has-acl.c
index 3d4d5c1..2ee6ba2 100644
--- a/lib/file-has-acl.c
+++ b/lib/file-has-acl.c
@@ -366,12 +366,20 @@ file_has_acl (char const *name, struct stat const *sb)
/* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
int ret;
- if (HAVE_ACL_EXTENDED_FILE) /* Linux */
+ if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */
{
+# if HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+ /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent
+ unnecessary mounts, but it returns the same result as we already
+ know that NAME is not a symbolic link at this point (modulo the
+ TOCTTOU race condition). */
+ ret = acl_extended_file_nofollow (name);
+# else
/* On Linux, acl_extended_file is an optimized function: It only
makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
ACL_TYPE_DEFAULT. */
ret = acl_extended_file (name);
+# endif
}
else /* FreeBSD, MacOS X, IRIX, Tru64 */
{
diff --git a/m4/acl.m4 b/m4/acl.m4
index d6a448a..ecf0384 100644
--- a/m4/acl.m4
+++ b/m4/acl.m4
@@ -33,7 +33,7 @@ AC_DEFUN([gl_FUNC_ACL],
AC_CHECK_FUNCS(
[acl_get_file acl_get_fd acl_set_file acl_set_fd \
acl_free acl_from_mode acl_from_text \
- acl_delete_def_file acl_extended_file \
+ acl_delete_def_file acl_extended_file acl_extended_file_nofollow \
acl_delete_fd_np acl_delete_file_np \
acl_copy_ext_native acl_create_entry_np \
acl_to_short_text acl_free_text])
--
1.7.6.586.g302e6