diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2006-08-22 20:06:03 -0400 |
---|---|---|
committer | Trond Myklebust <Trond.Myklebust@netapp.com> | 2006-08-24 15:54:58 -0400 |
commit | a343bb7750e6a098909c34f5c5dfddbc4fa40053 (patch) | |
tree | f4125368b85270b4fd619ae317ce0796605c579e /fs/namei.c | |
parent | 16b4289c7460ba9c04af40c574949dcca9029658 (diff) | |
download | linux-a343bb7750e6a098909c34f5c5dfddbc4fa40053.tar.gz linux-a343bb7750e6a098909c34f5c5dfddbc4fa40053.tar.bz2 linux-a343bb7750e6a098909c34f5c5dfddbc4fa40053.zip |
VFS: Fix access("file", X_OK) in the presence of ACLs
Currently, the access() call will return incorrect information on NFS if
there exists an ACL that grants execute access to the user on a regular
file. The reason the information is incorrect is that the VFS overrides
this execute access in open_exec() by checking (inode->i_mode & 0111).
This patch propagates the VFS execute bit check back into the generic
permission() call.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
(cherry picked from 64cbae98848c4c99851cb0a405f0b4982cd76c1e commit)
Diffstat (limited to 'fs/namei.c')
-rw-r--r-- | fs/namei.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/fs/namei.c b/fs/namei.c index 863166441bf3..432d6bc6fab0 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -227,10 +227,10 @@ int generic_permission(struct inode *inode, int mask, int permission(struct inode *inode, int mask, struct nameidata *nd) { + umode_t mode = inode->i_mode; int retval, submask; if (mask & MAY_WRITE) { - umode_t mode = inode->i_mode; /* * Nobody gets write access to a read-only fs. @@ -247,6 +247,13 @@ int permission(struct inode *inode, int mask, struct nameidata *nd) } + /* + * MAY_EXEC on regular files requires special handling: We override + * filesystem execute permissions if the mode bits aren't set. + */ + if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO)) + return -EACCES; + /* Ordinary permission routines do not understand MAY_APPEND. */ submask = mask & ~MAY_APPEND; if (inode->i_op && inode->i_op->permission) |