From mboxrd@z Thu Jan 1 00:00:00 1970 From: Trond Myklebust Subject: Re: [patch 11/14] vfs: move executable checking into ->permission() Date: Wed, 21 May 2008 14:16:33 -0400 Message-ID: <1211393793.7486.15.camel@localhost> References: <20080521171458.077908538@szeredi.hu> <20080521171557.399850407@szeredi.hu> Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Cc: linux-fsdevel@vger.kernel.org, hch@infradead.org, viro@ZenIV.linux.org.uk, linux-kernel@vger.kernel.org To: Miklos Szeredi Return-path: Received: from pat.uio.no ([129.240.10.15]:55359 "EHLO pat.uio.no" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S935045AbYEUSQi (ORCPT ); Wed, 21 May 2008 14:16:38 -0400 In-Reply-To: <20080521171557.399850407@szeredi.hu> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Wed, 2008-05-21 at 19:15 +0200, Miklos Szeredi wrote: > +/** > + * exec_permission - check for general execute permission on file > + * @inode: inode to check access rights for > + * @mask: right to check for > + * > + * Exec permission on a regular file is denied if none of the execute > + * bits are set. > + * > + * This needs to be called by filesystems which define a > + * ->permission() method, and don't call generic_permission(). > + */ > +int exec_permission(struct inode *inode, int mask) > +{ > + if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode) && > + !(inode->i_mode & S_IXUGO)) > + return -EACCES; > + > + return 0; > +} Hmm... What if !(mask & MAY_EXEC)? AFAICS, the above will return 0. A better approach would be to use something like if (!(mask & MAY_EXEC)) return -EACCES; if (S_ISREG(inode->i_mode) && !(inode->i_mode & S_IXUGO)) return -EACCES; return 0;