From: Jamie Lokier <jamie@shareable.org>
To: Eric Paris <eparis@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
viro@zeniv.linux.org.uk, hch@infradead.org
Subject: Re: [PATCH] VFS: document what MAY_ACCESS means
Date: Mon, 21 Sep 2009 09:10:47 +0100 [thread overview]
Message-ID: <20090921081047.GA20006@shareable.org> (raw)
In-Reply-To: <20090921012933.2631.85495.stgit@paris.rdu.redhat.com>
Eric Paris wrote:
> The vfs MAY_ACCESS flag really means that we might not use the object
> immediately (consider chdir which might not actually use the new dir).
> Thus permissions must be checked rather than relying on checkes during
> later access of the object in question. This patch just adds some
> documentation so the meaning of the flag is clear. I would rename the flag,
> but it's already visable (although useless) to userspace.
As it's intended to clarify the meaning, I must admit that I didn't
find the comment clear at all! I had to grep the code for MAY_ACCESS
to understand what your comment meant.
Especially what was meant by "chdir which might not actually use the
new dir".
Suggest: MAY_ACCESS means we are calling from access() or chdir() and
won't do the actual read/write/exec/appene/open, so ->permission()
must fully check the permission and not assume it can optimise away checks.
(Btw, side issue: I was very surprised to find fchdir() to an open
directory can fail on NFS due to change of permissions, so the pattern
dir = open("."); chdir("foo"); fchdir(dir) can fail to restore the
current directory).
-- Jamie
>
> Signed-off-by: Eric Paris <eparis@redhat.com>
> ---
>
> include/linux/fs.h | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 215b708..f683b29 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -51,6 +51,13 @@ struct inodes_stat_t {
> #define MAY_WRITE 2
> #define MAY_READ 4
> #define MAY_APPEND 8
> +/*
> + * The vfs MAY_ACCESS flag really means that we might not use the object
> + * immediately (consider chdir which might not actually use the new dir).
> + * Thus permissions must be checked mmediately rather than relying on later
> + * checks during the actual user of the object in question. This is an
> + * internal flag and should not come from userspace.
> + */
> #define MAY_ACCESS 16
> #define MAY_OPEN 32
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-09-21 8:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-21 1:29 [PATCH] VFS: document what MAY_ACCESS means Eric Paris
2009-09-21 1:52 ` Nicholas Miell
2009-09-21 8:10 ` Jamie Lokier [this message]
2009-09-21 12:29 ` Trond Myklebust
2009-09-21 18:53 ` Jamie Lokier
2009-09-21 20:18 ` Trond Myklebust
2009-09-21 21:39 ` fchdir, EACCESS and when to check (was: [PATCH] VFS: document what MAY_ACCESS means) Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090921081047.GA20006@shareable.org \
--to=jamie@shareable.org \
--cc=eparis@redhat.com \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.