* [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
@ 2009-05-18 19:29 Frank Filz
2009-05-19 0:13 ` Eugene Teo
0 siblings, 1 reply; 2+ messages in thread
From: Frank Filz @ 2009-05-18 19:29 UTC (permalink / raw
To: NFS List, NFS V4 Mailing List, Linux Kernel Mailing List
Cc: Eugene Teo, security, Trond Myklebust, Bruce Fields
Sorry for the resend, got lkml address wrong...
The problem is that permission checking is skipped if atomic open is
possible, but when exec opens a file, it just opens it O_READONLY which
means EXEC permission will not be checked at that time.
This problem is observed by the following sequence (executed as root):
mount -t nfs4 server:/ /mnt4
echo "ls" >/mnt4/foo
chmod 744 /mnt4/foo
su guest -c "mnt4/foo"
Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
---
fs/nfs/dir.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 370b190..89f98e9 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1943,7 +1943,8 @@ int nfs_permission(struct inode *inode, int mask)
case S_IFREG:
/* NFSv4 has atomic_open... */
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
- && (mask & MAY_OPEN))
+ && (mask & MAY_OPEN)
+ && !(mask & MAY_EXEC))
goto out;
break;
case S_IFDIR:
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
2009-05-18 19:29 [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission Frank Filz
@ 2009-05-19 0:13 ` Eugene Teo
0 siblings, 0 replies; 2+ messages in thread
From: Eugene Teo @ 2009-05-19 0:13 UTC (permalink / raw
To: Frank Filz
Cc: NFS List, NFS V4 Mailing List, Linux Kernel Mailing List,
security, Trond Myklebust, Bruce Fields
Frank Filz wrote:
> Sorry for the resend, got lkml address wrong...
>
> The problem is that permission checking is skipped if atomic open is
> possible, but when exec opens a file, it just opens it O_READONLY which
> means EXEC permission will not be checked at that time.
>
> This problem is observed by the following sequence (executed as root):
>
> mount -t nfs4 server:/ /mnt4
> echo "ls" >/mnt4/foo
> chmod 744 /mnt4/foo
> su guest -c "mnt4/foo"
>
> Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
Tested-by: Eugene Teo <eugeneteo@kernel.sg>
Thanks, Eugene
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-05-19 0:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-18 19:29 [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission Frank Filz
2009-05-19 0:13 ` Eugene Teo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).