nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.

The problem is that permission checking is skipped if atomic open is possible, but when exec opens a file, it just opens it O_READONLY which means EXEC permission will not be checked at that time. This problem is observed by the following sequence (executed as root): mount -t nfs4 server:/ /mnt4 echo "ls" >/mnt4/foo chmod 744 /mnt4/foo su guest -c "mnt4/foo" Signed-off-by: N Frank Filz <ffilzlnx@us.ibm.com> Signed-off-by: N Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@kernel.org Tested-by: N Eugene Teo <eugeneteo@kernel.sg> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>

nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
The problem is that permission checking is skipped if atomic open is possible, but when exec opens a file, it just opens it O_READONLY which means EXEC permission will not be checked at that time. This problem is observed by the following sequence (executed as root): mount -t nfs4 server:/ /mnt4 echo "ls" >/mnt4/foo chmod 744 /mnt4/foo su guest -c "mnt4/foo" Signed-off-by: N Frank Filz <ffilzlnx@us.ibm.com> Signed-off-by: N Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@kernel.org Tested-by: N Eugene Teo <eugeneteo@kernel.sg> Signed-off-by: N Linus Torvalds <torvalds@linux-foundation.org>
7ee2cb7f · Frank Filz · Linus Torvalds · 36338327 · 7ee2cb7f
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

fs/nfs/dir.c fs/nfs/dir.c +2 -1

未找到文件。
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1943,7 +1943,8 @@ int nfs_permission(struct inode *inode, int mask)
 		case S_IFREG:
 			/* NFSv4 has atomic_open... */
 			if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
-					&& (mask & MAY_OPEN))
+					&& (mask & MAY_OPEN)
+					&& !(mask & MAY_EXEC))
 				goto out;
 			break;
 		case S_IFDIR: