| author | Neil Brown <neilb@cse.unsw.edu.au> | 2003-04-12 13:04:11 -0700 |
|---|---|---|
| committer | James Bottomley <jejb@raven.il.steeleye.com> | 2003-04-12 13:04:11 -0700 |
| commit | 4fe1336464cfb2d5c8a67d956ab2277e277ffcf2 (patch) | |
| tree | f57467f310ce67f95ea98df60b5f4cebe56b15e1 | |
| parent | 3a280533cdd6695d8589b7c42cc82fceca7c4d92 (diff) | |

[PATCH] kNFSd: Return correct result for ACCESS(READ) on eXecute-only file.

Currently, an NFSv3 ACCESS check for READ permission on an
eXecute-only file will succeed where it should fail.

This is because nfsd_permission allows READ access to eXecute only
files so that mode 711 executables can be loaded and run, and
nfsd_access simply uses nfsd_permission.

This patch changes nfsd_permission to only map eXecute permission to
read permission if MAY_OWNER_OVERRIDE was set. This is only set
when trying to read from a file, so ACCESS will no longer be tricked.

This change will only affect callers of nfsd_permission that specify
MAY_READ and not MAY_OWNER_OVERRIDE, and nfsd_access is the only
routine that calls nfsd_permission (via fh_verify) that way.

| -rw-r--r-- | fs/nfsd/vfs.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 1030d80727ca..0334d92e5305 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1568,13 +1568,11 @@ nfsd_permission(struct svc_export *exp, struct dentry *dentry, int acc) inode->i_uid == current->fsuid) return 0; - acc &= ~ MAY_OWNER_OVERRIDE; /* This bit is no longer needed, - and gets in the way later */ - err = permission(inode, acc & (MAY_READ|MAY_WRITE|MAY_EXEC)); /* Allow read access to binaries even when mode 111 */ - if (err == -EACCES && S_ISREG(inode->i_mode) && acc == MAY_READ) + if (err == -EACCES && S_ISREG(inode->i_mode) && + acc == (MAY_READ | MAY_OWNER_OVERRIDE)) err = permission(inode, MAY_EXEC); return err? nfserrno(err) : 0; |
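
Review bot: the new condition `acc == (MAY_READ | MAY_OWNER_OVERRIDE)` is an exact-equality test, and with the `acc &= ~ MAY_OWNER_OVERRIDE` line removed, `acc` reaches it unmasked, so the execute-only fallback now depends on the caller passing precisely those two bits. A read path that sets any additional flag in `acc` would get -EACCES on an execute-only binary with no indication why. Consider testing the bits explicitly instead: MAY_OWNER_OVERRIDE set, and `acc & (MAY_READ|MAY_WRITE|MAY_EXEC)` equal to MAY_READ, which matches the mask already used in the first `permission()` call. The comment "Allow read access to binaries even when mode 111" should also state that the fallback applies only when MAY_OWNER_OVERRIDE is set, since using that flag to tell a real read apart from a permission query is the security-relevant distinction here and nothing in the code says so.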
