Commit f696a365 authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Al Viro
Browse files

[PATCH] move executable checking into ->permission() 



For execute permission on a regular files we need to check if file has
any execute bits at all, regardless of capabilites.

This check is normally performed by generic_permission() but was also
added to the case when the filesystem defines its own ->permission()
method.  In the latter case the filesystem should be responsible for
performing this check.

Move the check from inode_permission() inside filesystems which are
not calling generic_permission().

Create a helper function execute_ok() that returns true if the inode
is a directory or if any execute bits are present in i_mode.

Also fix up the following code:

 - coda control file is never executable
 - sysctl files are never executable
 - hfs_permission seems broken on MAY_EXEC, remove
 - hfsplus_permission is eqivalent to generic_permission(), remove

Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
parent 5cec56de

fs/cifs/cifsfs.c

+6 −3
Original line number Diff line number Diff line
@@ -275,9 +275,12 @@ static int cifs_permission(struct inode *inode, int mask) 


	cifs_sb = CIFS_SB(inode->i_sb);



	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM)

	if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM) {

		if ((mask & MAY_EXEC) && !execute_ok(inode))

			return -EACCES;

		else

			return 0;

	else /* file mode might have been restricted at mount time

	} else /* file mode might have been restricted at mount time

		on the client (above and beyond ACL on servers) for

		servers which do not support setting and viewing mode bits,

		so allowing client to check permissions is useful */

fs/coda/dir.c

+3 −0
Original line number Diff line number Diff line
@@ -146,6 +146,9 @@ int coda_permission(struct inode *inode, int mask) 
	if (!mask)

		return 0; 



	if ((mask & MAY_EXEC) && !execute_ok(inode))

		return -EACCES;



	lock_kernel();



	if (coda_cache_check(inode, mask))

fs/coda/pioctl.c

+1 −1
Original line number Diff line number Diff line
@@ -43,7 +43,7 @@ const struct file_operations coda_ioctl_operations = { 
/* the coda pioctl inode ops */

static int coda_ioctl_permission(struct inode *inode, int mask)

{

        return 0;

	return (mask & MAY_EXEC) ? -EACCES : 0;

}



static int coda_pioctl(struct inode * inode, struct file * filp,

fs/hfs/inode.c

+0 −8
Original line number Diff line number Diff line
@@ -511,13 +511,6 @@ void hfs_clear_inode(struct inode *inode) 
	}

}



static int hfs_permission(struct inode *inode, int mask)

{

	if (S_ISREG(inode->i_mode) && mask & MAY_EXEC)

		return 0;

	return generic_permission(inode, mask, NULL);

}



static int hfs_file_open(struct inode *inode, struct file *file)

{

	if (HFS_IS_RSRC(inode))
@@ -616,7 +609,6 @@ static const struct inode_operations hfs_file_inode_operations = { 
	.lookup		= hfs_file_lookup,

	.truncate	= hfs_file_truncate,

	.setattr	= hfs_inode_setattr,

	.permission	= hfs_permission,

	.setxattr	= hfs_setxattr,

	.getxattr	= hfs_getxattr,

	.listxattr	= hfs_listxattr,

fs/hfsplus/inode.c

+0 −13
Original line number Diff line number Diff line
@@ -238,18 +238,6 @@ static void hfsplus_set_perms(struct inode *inode, struct hfsplus_perm *perms) 
	perms->dev = cpu_to_be32(HFSPLUS_I(inode).dev);

}



static int hfsplus_permission(struct inode *inode, int mask)

{

	/* MAY_EXEC is also used for lookup, if no x bit is set allow lookup,

	 * open_exec has the same test, so it's still not executable, if a x bit

	 * is set fall back to standard permission check.

	 */

	if (S_ISREG(inode->i_mode) && mask & MAY_EXEC && !(inode->i_mode & 0111))

		return 0;

	return generic_permission(inode, mask, NULL);

}





static int hfsplus_file_open(struct inode *inode, struct file *file)

{

	if (HFSPLUS_IS_RSRC(inode))
@@ -281,7 +269,6 @@ static int hfsplus_file_release(struct inode *inode, struct file *file) 
static const struct inode_operations hfsplus_file_inode_operations = {

	.lookup		= hfsplus_file_lookup,

	.truncate	= hfsplus_file_truncate,

	.permission	= hfsplus_permission,

	.setxattr	= hfsplus_setxattr,

	.getxattr	= hfsplus_getxattr,

	.listxattr	= hfsplus_listxattr,

CRA Git | Maintained and supported by SUSTech CRA and CCSE