1Mon Oct 24 23:27:42 1994  Theodore Y. Ts'o  (tytso@rt-11)
2
3	* fcntl.c (sys_fcntl): Liberalize security checks which Alan Cox
4		put in.
5
6Thu Oct 20 23:44:22 1994  Theodore Y. Ts'o  (tytso@rt-11)
7
8	* fcntl.c (sys_fcntl): Add more of a security check to the
9		F_SETOWN fcntl().
10
11[Tons of changes missed, indeed. This list is worth restarting since
12at least some fixes WILL break third-party filesystems. Sorry, but
13there was no other way to fix rmdir/rename deadlock, for one.]
14
15Wed Dec  2 (Linus, fill the rest, please)
16
17	* namei.c (do_rmdir) and rmdir method in filesystems:
18		Locking of directory we remove was taken to VFS.
19		See comments in do_rmdir(). Unfixed filesystems
20		will bloody likely deadlock in rmdir().
21
22Thu Dec  3 17:25:31 1998  Al Viro (viro@math.psu.edu)
23
24	* namei.c (do_rmdir):
25		Reject non-directories here.
26		Two (probably) obsolete checks moved here too: we fail if
27		the directory we remove is the same as parent (BUG: we
28		serve mountpoints later) or if it lives on a different
29		device.
30	* sysv/namei.c (sysv_rmdir):	See sysv/CHANGES
31
32Fri Dec  4 00:54:12 1998  AV
33
34	* namei.c (check_sticky): New function check_sticky(dir, inode).
35		If dir is sticky check whether we can unlink/rmdir/rename
36		the inode. Returns 1 if we can't. If dir isn't sticky -
37		return 0 (i.e. no objections). Some filesystems require
38		suser() here; some are fine with CAP_FOWNER. The later
39		seems more reasonable.
40	* namei.c (do_rmdir):
41		Moved the check for sticky bit here.
42	* affs/{inode,namei}.c:
43		All AFFS directories have sticky semantics (i.e. non-owner
44		having write permisssions on directory can unlink/rmdir/rename
45		only the files he owns), but AFFS didn't set S_ISVTX on them.
46		Fixed. NB: maybe this behaviour should be controlled by mount
47		option. Obvious values being 'sticky' (current behaviour),
48		'nonsticky' (normal behaviour) and maybe some play on 'D'
49		permissions bit. FIXME.
50	* qnx4/namei.c (qnx4_rmdir):
51		Plugged inode leak.
52	* ufs/namei.c (ufs_rmdir):
53		Changed handling of busy directory to new scheme.
54
55Fri Dec  4 10:30:58 1998  AV
56
57	* namei.c (VFS_rmdir): New function. It gets inode of the parent and
58		dentry of the victim, does all checks and applies fs-specific
59		rmdir() method. It should be called with semaphores down
60		on both the victim and its parent and with bumped d_count on
61		victim (see comments in do_rmdir).
62	* include/linux/fs.h: Added VFS_rmdir
63	* kernel/ksyms.c: Added VFS_rmdir to export list (for NFSD).
64	* nfsd/vfs.c: Fixed rmdir handling.
65
66Tue Dec  8 05:55:08 1998  AV
67	* vfat/namei.c: Fixed the bug in vfat_rename() introduced in the
68		first round of rmdir fixes.
69
70Wed Dec  9 03:06:10 1998  AV
71	* namei.c (do_rename): part of fs-independent checks had been moved
72		here (sticky bit handling, type mismatches). Cases of
73		the source or target being append-only or immutable also went
74		here - if we check it for parent we could as well do it for
75		children.
76	* {affs,ext2,minix,sysv,ufs}/namei.c (do_*_rename):
77		Removed tests that went to VFS, it simplified the code big way.
78		Fixed a race in check for empty target - we should check for
79		extra owners _before_ checking for emptiness, not after it.
80	* {ext2,ufs}/namei.c (do_*_rename):
81		VERY nasty bug shot: if somebody mkdired /tmp/cca01234, went
82		there, rmdired '.', waited till somebody created a file with
83		the same name and said mv . /tmp/goodbye_sticky_bit... Well,
84		goodbye sticky bit. Down, not across!
85	* {minix,sysv}/namei.c (do_*_rename):
86		Incorrect check for other owners (i_count instead of d_count).
87		Fixed.
88	* vfat: Looks like the changes above fixed a bug in VFAT - this beast
89		used to allow renaming file over directory and vice versa.
90
91Wed Dec  9 08:00:27 1998  AV
92	* namei.c (VFS_rename): New function. It gets the same arguments as
93		->rename() method, does all checks and applies fs-specific
94		rmdir() method. It should be called with semaphores down
95		on both parents.
96	* include/linux/fs.h: Added VFS_rename
97	* kernel/ksyms.c: Added VFS_rename to export list (for NFSD).
98	* nfsd/vfs.c: Changed rename handling (switched to VFS_rename).
99
100Wed Dec  9 18:16:27 1998  AV
101	* namei.c (do_unlink): handling of sticky bit went here.
102	* {affs,ext2,minix,qnx4,sysv,ufs}/namei.c (*_unlink):
103		removed handling of sticky bit.
104	* qnx4/namei.c (qnx4_unlink):
105		Yet another inode leak. Fixed.
106
107Thu Dec 10 04:55:26 1998  AV
108	* {ext2,minix,sysv,ufs}/namei.c (*_mknod):
109		removed meaningless code handling attempts to mknod symlinks
110		and directories. VFS protects us from _that_ and if this code
111		would ever be called we'ld get a filesystem corruption.
112
113Thu Dec 10 16:58:50 1998  AV
114	* namei.c (do_rename): Fixed dentry leak that had been introduced by
115		the first round of rmdir fixes.
116
117Fri Dec 11 14:57:17 1998  AV
118	* msdos/namei.c (msdos_rmdir): Fixed race in emptiness check.
119
120Sat Dec 12 19:59:57 1998  AV
121	* msdos/namei.c (msdos_mkdir): Fixed the evil breakage introduced by
122		the changes of rmdir locking scheme. We shouldn't call
123		msdos_rmdir from there.
124
125Sun Dec 13 02:05:16 1998  AV
126	* namei.c (do_unlink):
127		Added new function: vfs_unlink, with the same arguments as
128		->unlink() method.
129	* kernel/ksyms.c: Made it exported.
130	* include/linux/fs.h: Added prototype.
131	* nfsd/vfs.c: Changed handling of unlink (switched to vfs_unlink)
132	* {ext2,ufs}/namei.c (*_unlink): moved handling of imm./append-only to
133		VFS.
134
135Wed Dec 16 06:10:04 1998  AV
136	* namei.c (may_create, may_delete): New inline functions.
137		They check whether creation/deletion is permitted.
138		Checks from other places of namei.c went there.
139		Looks like originally I misread permission-related stuff
140		both here and in nfsd. In particular, checks for
141		immutable are done in permission(). D'oh.
142	* unlink on directory should return -EISDIR, not -EPERM as it used to
143		do. Fixed.
144	* rmdir of immutable/append-only directory shouldn't be allowed. Fixed.
145
146Remains unfixed:
147	* rename's handling of races is, erm, not optimal. Looks like I know
148		what to do, but this thing needs some more cleanup - we can
149		take care of almost all races in VFS and be much more graceful
150		wrt locking. Moreover, it would give strong lookup atomicity.
151		But it's a lot of changes to lookup and dcache code, so it will
152		go after the fs drivers' cleanup.
153	* affs allows HARD links to directories. VFS is, to put it politely,
154		not too ready to cope with _that_. And I'm not sure it should
155		be - looks like they are pretty much similar to symlinks.
156	* truncate doesn't give a damn about IO errors and disk overflows (on
157		braindead filesystems). I've submitted a patch to Linus, but
158		looks like it wasn't applied.
159	* msdos: shouldn't we treat SYS as IMMUTABLE? Makes sense, IMHO.
160