mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-09 06:33:34 +00:00
[PATCH] take noexec checks to very few callers that care
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
e56b6a5dda
commit
30524472c2
@ -118,6 +118,10 @@ asmlinkage long sys_uselib(const char __user * library)
|
||||
if (!S_ISREG(nd.path.dentry->d_inode->i_mode))
|
||||
goto exit;
|
||||
|
||||
error = -EACCES;
|
||||
if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
|
||||
goto exit;
|
||||
|
||||
error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN);
|
||||
if (error)
|
||||
goto exit;
|
||||
@ -668,6 +672,9 @@ struct file *open_exec(const char *name)
|
||||
if (!S_ISREG(nd.path.dentry->d_inode->i_mode))
|
||||
goto out_path_put;
|
||||
|
||||
if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
|
||||
goto out_path_put;
|
||||
|
||||
err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN);
|
||||
if (err)
|
||||
goto out_path_put;
|
||||
|
@ -252,15 +252,6 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
|
||||
/*
|
||||
* MAY_EXEC on regular files is denied if the fs is mounted
|
||||
* with the "noexec" flag.
|
||||
*/
|
||||
if (mnt && (mnt->mnt_flags & MNT_NOEXEC))
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
/* Ordinary permission routines do not understand MAY_APPEND. */
|
||||
if (inode->i_op && inode->i_op->permission) {
|
||||
retval = inode->i_op->permission(inode, mask);
|
||||
|
10
fs/open.c
10
fs/open.c
@ -461,6 +461,16 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
|
||||
if (res)
|
||||
goto out;
|
||||
|
||||
if ((mode & MAY_EXEC) && S_ISREG(nd.path.dentry->d_inode->i_mode)) {
|
||||
/*
|
||||
* MAY_EXEC on regular files is denied if the fs is mounted
|
||||
* with the "noexec" flag.
|
||||
*/
|
||||
res = -EACCES;
|
||||
if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
|
||||
goto out_path_release;
|
||||
}
|
||||
|
||||
res = vfs_permission(&nd, mode | MAY_ACCESS);
|
||||
/* SuS v2 requires we report a read only fs too */
|
||||
if(res || !(mode & S_IWOTH) ||
|
||||
|
Loading…
Reference in New Issue
Block a user