Skip to content

Commit

Permalink
Don't allow accessing XATTR via export handle
Browse files Browse the repository at this point in the history
Allow accessing XATTR through export handle is a very bad idea. It
would allow user to write whatever they want in fields where they
otherwise could not.

Signed-off-by: Chunwei Chen <[email protected]>
Signed-off-by: Brian Behlendorf <[email protected]>
Issue openzfs#4828
  • Loading branch information
Chunwei Chen authored and nedbass committed Sep 9, 2016
1 parent 2792d85 commit 22d5a19
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions module/zfs/zfs_vfsops.c
Original file line number Diff line number Diff line change
Expand Up @@ -1614,6 +1614,14 @@ zfs_vget(struct super_block *sb, struct inode **ipp, fid_t *fidp)
ZFS_EXIT(zsb);
return (err);
}

/* Don't export xattr stuff */
if (zp->z_pflags & ZFS_XATTR) {
iput(ZTOI(zp));
ZFS_EXIT(zsb);
return (SET_ERROR(ENOENT));
}

(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zsb), &zp_gen,
sizeof (uint64_t));
zp_gen = zp_gen & gen_mask;
Expand Down

0 comments on commit 22d5a19

Please sign in to comment.