* [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
@ 2009-05-09 2:55 Frank Filz
2009-05-13 8:50 ` Eugene Teo
0 siblings, 1 reply; 2+ messages in thread
From: Frank Filz @ 2009-05-09 2:55 UTC (permalink / raw)
To: NFS List, NFS V4 Mailing List; +Cc: Bruce Fields, Trond Myklebust
The problem is that permission checking is skipped if atomic open is
possible, but when exec opens a file, it just opens it O_READONLY which
means EXEC permission will not be checked at that time.
This problem is observed by the following sequence (executed as root):
mount -t nfs4 server:/ /mnt4
echo "ls" >/mnt4/foo
chmod 744 /mnt4/foo
su guest -c "mnt4/foo"
Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
---
fs/nfs/dir.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 370b190..89f98e9 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1943,7 +1943,8 @@ int nfs_permission(struct inode *inode, int mask)
case S_IFREG:
/* NFSv4 has atomic_open... */
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
- && (mask & MAY_OPEN))
+ && (mask & MAY_OPEN)
+ && !(mask & MAY_EXEC))
goto out;
break;
case S_IFDIR:
--
1.5.2.2
------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
_______________________________________________
Please note that nfs@lists.sourceforge.net is being discontinued.
Please subscribe to linux-nfs@vger.kernel.org instead.
http://vger.kernel.org/vger-lists.html#linux-nfs
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
2009-05-09 2:55 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission Frank Filz
@ 2009-05-13 8:50 ` Eugene Teo
0 siblings, 0 replies; 2+ messages in thread
From: Eugene Teo @ 2009-05-13 8:50 UTC (permalink / raw)
To: Frank Filz; +Cc: linux-nfs, nfsv4
Frank Filz wrote:
> The problem is that permission checking is skipped if atomic open is
> possible, but when exec opens a file, it just opens it O_READONLY which
> means EXEC permission will not be checked at that time.
>
> This problem is observed by the following sequence (executed as root):
>
> mount -t nfs4 server:/ /mnt4
> echo "ls" >/mnt4/foo
> chmod 744 /mnt4/foo
> su guest -c "mnt4/foo"
>
> Signed-off-by: Frank Filz <ffilzlnx at us.ibm.com>
Tested-by: Eugene Teo <eugeneteo@kernel.sg>
I have tested this on 2.6.29.3, and I can confirm that the patch fixed
the problem.
Btw, this looks like the same problem that was reported in 2006:
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
Thanks, Eugene
_______________________________________________
NFSv4 mailing list
NFSv4@linux-nfs.org
http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-05-13 8:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-09 2:55 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission Frank Filz
2009-05-13 8:50 ` Eugene Teo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox