From: Eugene Teo <eugene@redhat.com>
To: Frank Filz <ffilzlnx@us.ibm.com>
Cc: NFS List <linux-nfs@vger.kernel.org>,
NFS V4 Mailing List <nfsv4@linux-nfs.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
security@kernel.org, Trond Myklebust <trond.myklebust@fys.uio.no>,
Bruce Fields <bfields@fieldses.org>
Subject: Re: [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
Date: Tue, 19 May 2009 08:13:11 +0800 [thread overview]
Message-ID: <4A11F997.5030602@redhat.com> (raw)
In-Reply-To: <1242674983.4273.8.camel@dyn9047022153>
Frank Filz wrote:
> Sorry for the resend, got lkml address wrong...
>
> The problem is that permission checking is skipped if atomic open is
> possible, but when exec opens a file, it just opens it O_READONLY which
> means EXEC permission will not be checked at that time.
>
> This problem is observed by the following sequence (executed as root):
>
> mount -t nfs4 server:/ /mnt4
> echo "ls" >/mnt4/foo
> chmod 744 /mnt4/foo
> su guest -c "mnt4/foo"
>
> Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
Tested-by: Eugene Teo <eugeneteo-X4ZF2iejbADYtjvyW6yDsg@public.gmane.org>
Thanks, Eugene
WARNING: multiple messages have this Message-ID (diff)
From: Eugene Teo <eugene@redhat.com>
To: Frank Filz <ffilzlnx@us.ibm.com>
Cc: NFS List <linux-nfs@vger.kernel.org>,
NFS V4 Mailing List <nfsv4@linux-nfs.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
security@kernel.org, Trond Myklebust <trond.myklebust@fys.uio.no>,
Bruce Fields <bfields@fieldses.org>
Subject: Re: [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
Date: Tue, 19 May 2009 08:13:11 +0800 [thread overview]
Message-ID: <4A11F997.5030602@redhat.com> (raw)
In-Reply-To: <1242674983.4273.8.camel@dyn9047022153>
Frank Filz wrote:
> Sorry for the resend, got lkml address wrong...
>
> The problem is that permission checking is skipped if atomic open is
> possible, but when exec opens a file, it just opens it O_READONLY which
> means EXEC permission will not be checked at that time.
>
> This problem is observed by the following sequence (executed as root):
>
> mount -t nfs4 server:/ /mnt4
> echo "ls" >/mnt4/foo
> chmod 744 /mnt4/foo
> su guest -c "mnt4/foo"
>
> Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
Tested-by: Eugene Teo <eugeneteo@kernel.sg>
Thanks, Eugene
next prev parent reply other threads:[~2009-05-19 0:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-18 19:29 [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission Frank Filz
2009-05-18 19:29 ` Frank Filz
2009-05-19 0:13 ` Eugene Teo [this message]
2009-05-19 0:13 ` Eugene Teo
-- strict thread matches above, loose matches on Subject: below --
2009-05-18 19:25 Frank Filz
2009-05-09 2:55 [NFS] " Frank Filz
2009-05-13 8:50 ` Eugene Teo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A11F997.5030602@redhat.com \
--to=eugene@redhat.com \
--cc=bfields@fieldses.org \
--cc=ffilzlnx@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=nfsv4@linux-nfs.org \
--cc=security@kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.