From: Eugene Teo <eteo@redhat.com> Date: Tue, 14 Oct 2008 11:02:21 +0800 Subject: [fs] don't allow splice to files opened with O_APPEND Message-id: 48F40BBD.8000203@redhat.com O-Subject: [RHEL5.3 patch] BZ#466710 kernel: don't allow splice() to files opened with O_APPEND Bugzilla: 466710 RH-Acked-by: Eric Paris <eparis@redhat.com> RH-Acked-by: Jiri Pirko <jpirko@redhat.com> RH-Acked-by: Jeff Moyer <jmoyer@redhat.com> CVE: CVE-2008-4554 This is for bz#466710. Miklos Szeredi reported that splice() to files opened with O_APPEND are ignored, which allows users to bypass the append-only restriction. Backport of upstream commit: efc968d450e013049a662d22727cf132618dcb2f Brew build: http://porkchop.redhat.com/brewroot/scratch/eteo/task_1516816 Test status: Booted on i686. Signed-off-by: Eugene Teo <eteo@redhat.com> diff --git a/fs/splice.c b/fs/splice.c index 32e0cc1..76aa3c0 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -897,6 +897,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, if (unlikely(!(out->f_mode & FMODE_WRITE))) return -EBADF; + if (unlikely(out->f_flags & O_APPEND)) + return -EINVAL; + ret = rw_verify_area(WRITE, out, ppos, len); if (unlikely(ret < 0)) return ret;
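
Review bot: The new O_APPEND test in do_splice_from(), placed right after the FMODE_WRITE check, has no comment explaining why the call is refused with -EINVAL instead of being made to append. A one-line comment above `if (unlikely(out->f_flags & O_APPEND))` saying that the write goes to the position passed in as ppos, so O_APPEND would otherwise be ignored, would keep the reason next to the code. The rejection is also a user-visible behaviour change for any caller that splices into a descriptor opened with O_APPEND, and the commit message should say so. The test status lists only a boot on i686; a test that splice() into an O_APPEND descriptor now returns EINVAL, while the same call on a descriptor opened without O_APPEND still succeeds, would exercise the added branch.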