From mboxrd@z Thu Jan 1 00:00:00 1970 From: Trond Myklebust Subject: [PATCH 1/3] VFS: Fix access("file", X_OK) in the presence of ACLs Date: Wed, 12 Jul 2006 13:50:07 -0400 Message-ID: <20060712175006.7413.91738.stgit@lade.trondhjem.org> Content-Type: text/plain; charset=utf-8; format=fixed Content-Transfer-Encoding: 8bit Return-path: Received: from dh134.citi.umich.edu ([141.211.133.134]:37826 "EHLO lade.trondhjem.org") by vger.kernel.org with ESMTP id S932174AbWGLRuI (ORCPT ); Wed, 12 Jul 2006 13:50:08 -0400 To: linux-fsdevel@vger.kernel.org, akpm@osdl.org Sender: linux-fsdevel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org From: Trond Myklebust Currently, the access() call will return incorrect information on NFS if there exists an ACL that grants execute access to the user on a regular file. The reason the information is incorrect is that the VFS overrides this execute access in open_exec() by checking (inode->i_mode & 0111). This patch propagates the VFS execute bit check back into the generic permission() call. Signed-off-by: Trond Myklebust --- fs/namei.c | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 664b4a5..08cc418 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -227,10 +227,10 @@ int generic_permission(struct inode *ino int permission(struct inode *inode, int mask, struct nameidata *nd) { + umode_t mode = inode->i_mode; int retval, submask; if (mask & MAY_WRITE) { - umode_t mode = inode->i_mode; /* * Nobody gets write access to a read-only fs. @@ -247,6 +247,13 @@ int permission(struct inode *inode, int } + /* + * MAY_EXEC on regular files requires special handling: We override + * filesystem execute permissions if the mode bits aren't set. + */ + if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO)) + return -EACCES; + /* Ordinary permission routines do not understand MAY_APPEND. */ submask = mask & ~MAY_APPEND; if (inode->i_op && inode->i_op->permission)