From: Trond Myklebust <Trond.Myklebust@netapp.com>
To: linux-fsdevel@vger.kernel.org, akpm@osdl.org
Subject: [PATCH 1/3] VFS: Fix access("file", X_OK) in the presence of ACLs
Date: Wed, 12 Jul 2006 13:50:07 -0400 [thread overview]
Message-ID: <20060712175006.7413.91738.stgit@lade.trondhjem.org> (raw)
From: Trond Myklebust <Trond.Myklebust@netapp.com>
Currently, the access() call will return incorrect information on NFS if
there exists an ACL that grants execute access to the user on a regular
file. The reason the information is incorrect is that the VFS overrides
this execute access in open_exec() by checking (inode->i_mode & 0111).
This patch propagates the VFS execute bit check back into the generic
permission() call.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
---
fs/namei.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 664b4a5..08cc418 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -227,10 +227,10 @@ int generic_permission(struct inode *ino
int permission(struct inode *inode, int mask, struct nameidata *nd)
{
+ umode_t mode = inode->i_mode;
int retval, submask;
if (mask & MAY_WRITE) {
- umode_t mode = inode->i_mode;
/*
* Nobody gets write access to a read-only fs.
@@ -247,6 +247,13 @@ int permission(struct inode *inode, int
}
+ /*
+ * MAY_EXEC on regular files requires special handling: We override
+ * filesystem execute permissions if the mode bits aren't set.
+ */
+ if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO))
+ return -EACCES;
+
/* Ordinary permission routines do not understand MAY_APPEND. */
submask = mask & ~MAY_APPEND;
if (inode->i_op && inode->i_op->permission)
next reply other threads:[~2006-07-12 17:50 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-07-12 17:50 Trond Myklebust [this message]
2006-07-12 17:50 ` [PATCH 2/3] VFS: Remove redundant open-coded mode bit check in prepare_binfmt() Trond Myklebust
2006-07-12 17:50 ` [PATCH 3/3] VFS: Remove redundant open-coded mode bit checks in open_exec() Trond Myklebust
2006-07-13 13:59 ` [PATCH 1/3] VFS: Fix access("file", X_OK) in the presence of ACLs Peter Staubach
2006-07-13 14:13 ` Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060712175006.7413.91738.stgit@lade.trondhjem.org \
--to=trond.myklebust@netapp.com \
--cc=akpm@osdl.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).