mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-07 13:53:24 +00:00
VFS: Fix access("file", X_OK) in the presence of ACLs
Currently, the access() call will return incorrect information on NFS if there exists an ACL that grants execute access to the user on a regular file. The reason the information is incorrect is that the VFS overrides this execute access in open_exec() by checking (inode->i_mode & 0111). This patch propagates the VFS execute bit check back into the generic permission() call. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> (cherry picked from 64cbae98848c4c99851cb0a405f0b4982cd76c1e commit)
This commit is contained in:
parent
16b4289c74
commit
a343bb7750
@ -227,10 +227,10 @@ int generic_permission(struct inode *inode, int mask,
|
||||
|
||||
int permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
{
|
||||
umode_t mode = inode->i_mode;
|
||||
int retval, submask;
|
||||
|
||||
if (mask & MAY_WRITE) {
|
||||
umode_t mode = inode->i_mode;
|
||||
|
||||
/*
|
||||
* Nobody gets write access to a read-only fs.
|
||||
@ -247,6 +247,13 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* MAY_EXEC on regular files requires special handling: We override
|
||||
* filesystem execute permissions if the mode bits aren't set.
|
||||
*/
|
||||
if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO))
|
||||
return -EACCES;
|
||||
|
||||
/* Ordinary permission routines do not understand MAY_APPEND. */
|
||||
submask = mask & ~MAY_APPEND;
|
||||
if (inode->i_op && inode->i_op->permission)
|
||||
|
Loading…
Reference in New Issue
Block a user