From: NeilBrown <neilb@suse.de>
To: Andrew Morton <akpm@osdl.org>
Cc: nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: [PATCH 002 of 5] knfsd: nfsd4: fix open permission checking
Date: Tue, 17 Oct 2006 09:30:15 +1000 [thread overview]
Message-ID: <1061016233015.11330@suse.de> (raw)
In-Reply-To: 20061017092702.11224.patches@notabene
From: "J. Bruce Fields" <bfields@fieldses.org>
We weren't actually checking for SHARE_ACCESS_WRITE, with the result that
the owner could open a non-writeable file for write!
Continue to allow DENY_WRITE only with write access.
Thanks to Jim Rees for reporting the bug.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
### Diffstat output
./fs/nfsd/nfs4proc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff .prev/fs/nfsd/nfs4proc.c ./fs/nfsd/nfs4proc.c
--- .prev/fs/nfsd/nfs4proc.c 2006-10-17 09:02:26.000000000 +1000
+++ ./fs/nfsd/nfs4proc.c 2006-10-17 09:04:13.000000000 +1000
@@ -78,8 +78,10 @@ do_open_permission(struct svc_rqst *rqst
if (open->op_share_access & NFS4_SHARE_ACCESS_READ)
accmode |= MAY_READ;
- if (open->op_share_deny & NFS4_SHARE_ACCESS_WRITE)
+ if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)
accmode |= (MAY_WRITE | MAY_TRUNC);
+ if (open->op_share_deny & NFS4_SHARE_DENY_WRITE)
+ accmode |= MAY_WRITE;
status = fh_verify(rqstp, current_fh, S_IFREG, accmode);
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
WARNING: multiple messages have this Message-ID (diff)
From: NeilBrown <neilb@suse.de>
To: Andrew Morton <akpm@osdl.org>
Cc: nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: [PATCH 002 of 5] knfsd: nfsd4: fix open permission checking
Date: Tue, 17 Oct 2006 09:30:15 +1000 [thread overview]
Message-ID: <1061016233015.11330@suse.de> (raw)
In-Reply-To: 20061017092702.11224.patches@notabene
From: "J. Bruce Fields" <bfields@fieldses.org>
We weren't actually checking for SHARE_ACCESS_WRITE, with the result that
the owner could open a non-writeable file for write!
Continue to allow DENY_WRITE only with write access.
Thanks to Jim Rees for reporting the bug.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
### Diffstat output
./fs/nfsd/nfs4proc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff .prev/fs/nfsd/nfs4proc.c ./fs/nfsd/nfs4proc.c
--- .prev/fs/nfsd/nfs4proc.c 2006-10-17 09:02:26.000000000 +1000
+++ ./fs/nfsd/nfs4proc.c 2006-10-17 09:04:13.000000000 +1000
@@ -78,8 +78,10 @@ do_open_permission(struct svc_rqst *rqst
if (open->op_share_access & NFS4_SHARE_ACCESS_READ)
accmode |= MAY_READ;
- if (open->op_share_deny & NFS4_SHARE_ACCESS_WRITE)
+ if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE)
accmode |= (MAY_WRITE | MAY_TRUNC);
+ if (open->op_share_deny & NFS4_SHARE_DENY_WRITE)
+ accmode |= MAY_WRITE;
status = fh_verify(rqstp, current_fh, S_IFREG, accmode);
next prev parent reply other threads:[~2006-10-16 23:30 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-16 23:30 [PATCH 000 of 5] knfsd: Introduction - bugfixes for 2.6.19 NeilBrown
2006-10-16 23:30 ` NeilBrown
2006-10-16 23:30 ` [PATCH 001 of 5] knfsd: nfsd4: fix owner-override on open NeilBrown
2006-10-16 23:30 ` NeilBrown
2006-10-16 23:30 ` NeilBrown [this message]
2006-10-16 23:30 ` [PATCH 002 of 5] knfsd: nfsd4: fix open permission checking NeilBrown
2006-10-16 23:30 ` [PATCH 003 of 5] knfsd: nfsd4: Fix error handling in nfsd's callback client NeilBrown
2006-10-16 23:30 ` NeilBrown
2006-10-16 23:30 ` [PATCH 004 of 5] knfsd: Fix bug in recent lockd patches that can cause reclaim to fail NeilBrown
2006-10-16 23:30 ` NeilBrown
2006-10-16 23:30 ` [PATCH 005 of 5] knfsd: Allow lockd to drop replys as appropriate NeilBrown
2006-10-16 23:30 ` NeilBrown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1061016233015.11330@suse.de \
--to=neilb@suse.de \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.