1. 26 11月, 2009 1 次提交
    • J
      nfsd: simplify fh_verify access checks · 864f0f61
      J. Bruce Fields 提交于
      All nfsd security depends on the security checks in fh_verify, and
      especially on nfsd_setuser().
      
      It therefore bothers me that the nfsd_setuser call may be made from
      three different places, depending on whether the filehandle has already
      been mapped to a dentry, and on whether subtreechecking is in force.
      
      Instead, make an unconditional call in fh_verify(), so it's trivial to
      verify that the call always occurs.
      
      That leaves us with a redundant nfsd_setuser() call in the subtreecheck
      case--it needs the correct user set earlier in order to check execute
      permissions on the path to this filehandle--but I'm willing to accept
      that minor inefficiency in the subtreecheck case in return for more
      straightforward permission checking.
      Signed-off-by: NJ. Bruce Fields <bfields@citi.umich.edu>
      864f0f61
  2. 24 11月, 2009 2 次提交
  3. 20 11月, 2009 4 次提交
  4. 19 11月, 2009 11 次提交
  5. 18 11月, 2009 22 次提交