)]}'
{
  "commit": "6de0ec00ba8db84d7c452e65e502989455ecb6ea",
  "tree": "804cf9f652e48aa30695124d6ab1915b0b8dd4d0",
  "parents": [
    "cdd6fe6e2f7eb8e940854317613885c33b1fe584"
  ],
  "author": {
    "name": "Jeff Layton",
    "email": "jlayton@redhat.com",
    "time": "Thu Oct 18 03:05:20 2007 -0700"
  },
  "committer": {
    "name": "Linus Torvalds",
    "email": "torvalds@woody.linux-foundation.org",
    "time": "Thu Oct 18 14:37:22 2007 -0700"
  },
  "message": "VFS: make notify_change pass ATTR_KILL_S*ID to setattr operations\n\nWhen an unprivileged process attempts to modify a file that has the setuid or\nsetgid bits set, the VFS will attempt to clear these bits.  The VFS will set\nthe ATTR_KILL_SUID or ATTR_KILL_SGID bits in the ia_valid mask, and then call\nnotify_change to clear these bits and set the mode accordingly.\n\nWith a networked filesystem (NFS and CIFS in particular but likely others),\nthe client machine or process may not have credentials that allow for setting\nthe mode.  In some situations, this can lead to file corruption, an operation\nfailing outright because the setattr fails, or to races that lead to a mode\nchange being reverted.\n\nIn this situation, we\u0027d like to just leave the handling of this to the server\nand ignore these bits.  The problem is that by the time the setattr op is\ncalled, the VFS has already reinterpreted the ATTR_KILL_* bits into a mode\nchange.  The setattr operation has no way to know its intent.\n\nThe following patch fixes this by making notify_change no longer clear the\nATTR_KILL_SUID and ATTR_KILL_SGID bits in the ia_valid before handing it off\nto the setattr inode op.  setattr can then check for the presence of these\nbits, and if they\u0027re set it can assume that the mode change was only for the\npurposes of clearing these bits.\n\nThis means that we now have an implicit assumption that notify_change is never\ncalled with ATTR_MODE and either ATTR_KILL_S*ID bit set.  Nothing currently\nenforces that, so this patch also adds a BUG() if that occurs.\n\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nCc: Michael Halcrow \u003cmhalcrow@us.ibm.com\u003e\nCc: Christoph Hellwig \u003chch@lst.de\u003e\nCc: Neil Brown \u003cneilb@suse.de\u003e\nCc: \"J. Bruce Fields\" \u003cbfields@fieldses.org\u003e\nCc: Chris Mason \u003cchris.mason@oracle.com\u003e\nCc: Jeff Mahoney \u003cjeffm@suse.com\u003e\nCc: \"Vladimir V. Saveliev\" \u003cvs@namesys.com\u003e\nCc: Josef \u0027Jeff\u0027 Sipek \u003cjsipek@cs.sunysb.edu\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Steven French \u003csfrench@us.ibm.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "ae58bd3f875f9c92c9599bacebbab85ebdf2c800",
      "old_mode": 33188,
      "old_path": "fs/attr.c",
      "new_id": "966b73e25f82e06f69ad0eca22a3f6fe268c4cd0",
      "new_mode": 33188,
      "new_path": "fs/attr.c"
    }
  ]
}