Commit a110343f0d6d41f68b7cf8c00b57a3172c67f816

Authored by Al Viro
1 parent 7f2da1e7d0

[PATCH] fix MAY_CHDIR/MAY_ACCESS/LOOKUP_ACCESS mess

* MAY_CHDIR is redundant - it's an equivalent of MAY_ACCESS
* MAY_ACCESS on fuse should affect only the last step of pathname resolution
* fchdir() and chroot() should pass MAY_ACCESS, for the same reason why
  chdir() needs that.
* now that we pass MAY_ACCESS explicitly in all cases, LOOKUP_ACCESS can be
  removed; it has no business being in nameidata.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Showing 5 changed files with 7 additions and 11 deletions

... ... @@ -962,7 +962,7 @@
962 962 exist. So if permissions are revoked this won't be
963 963 noticed immediately, only after the attribute
964 964 timeout has expired */
965   - } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
  965 + } else if (mask & MAY_ACCESS) {
966 966 err = fuse_access(inode, mask);
967 967 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
968 968 if (!(inode->i_mode & S_IXUGO)) {
... ... @@ -265,8 +265,6 @@
265 265 if (inode->i_op && inode->i_op->permission) {
266 266 int extra = 0;
267 267 if (nd) {
268   - if (nd->flags & LOOKUP_ACCESS)
269   - extra |= MAY_ACCESS;
270 268 if (nd->flags & LOOKUP_OPEN)
271 269 extra |= MAY_OPEN;
272 270 }
... ... @@ -457,11 +457,11 @@
457 457 old_cap = cap_set_effective(current->cap_permitted);
458 458 }
459 459  
460   - res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW|LOOKUP_ACCESS, &nd);
  460 + res = __user_walk_fd(dfd, filename, LOOKUP_FOLLOW, &nd);
461 461 if (res)
462 462 goto out;
463 463  
464   - res = vfs_permission(&nd, mode);
  464 + res = vfs_permission(&nd, mode | MAY_ACCESS);
465 465 /* SuS v2 requires we report a read only fs too */
466 466 if(res || !(mode & S_IWOTH) ||
467 467 special_file(nd.path.dentry->d_inode->i_mode))
... ... @@ -505,7 +505,7 @@
505 505 if (error)
506 506 goto out;
507 507  
508   - error = vfs_permission(&nd, MAY_EXEC | MAY_CHDIR);
  508 + error = vfs_permission(&nd, MAY_EXEC | MAY_ACCESS);
509 509 if (error)
510 510 goto dput_and_out;
511 511  
... ... @@ -534,7 +534,7 @@
534 534 if (!S_ISDIR(inode->i_mode))
535 535 goto out_putf;
536 536  
537   - error = file_permission(file, MAY_EXEC);
  537 + error = file_permission(file, MAY_EXEC | MAY_ACCESS);
538 538 if (!error)
539 539 set_fs_pwd(current->fs, &file->f_path);
540 540 out_putf:
... ... @@ -552,7 +552,7 @@
552 552 if (error)
553 553 goto out;
554 554  
555   - error = vfs_permission(&nd, MAY_EXEC);
  555 + error = vfs_permission(&nd, MAY_EXEC | MAY_ACCESS);
556 556 if (error)
557 557 goto dput_and_out;
558 558  
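Review bot: The filesystem-side access check now depends on every call site remembering to OR in `MAY_ACCESS`, and none of the four changed calls (hunks at 457, 505, 534 and 552) carries a comment saying why the bit is there. A caller that omits it does not fail; judging by the fuse hunk in this commit, the `fuse_access()` branch is simply skipped and only the local checks remain. A one-line comment at each site, e.g. `/* MAY_ACCESS: have the filesystem recheck access on the final component rather than rely on cached attributes */`, would record the reasoning that currently lives only in the commit message. It would also make a missing flag easier to catch in later review. All four enclosing functions continue outside their hunks.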
... ... @@ -61,8 +61,7 @@
61 61 #define MAY_READ 4
62 62 #define MAY_APPEND 8
63 63 #define MAY_ACCESS 16
64   -#define MAY_CHDIR 32
65   -#define MAY_OPEN 64
  64 +#define MAY_OPEN 32
66 65  
67 66 #define FMODE_READ 1
68 67 #define FMODE_WRITE 2
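Review bot: `#define MAY_OPEN 32` reuses the value that `MAY_CHDIR` held until this commit. Inside a fully rebuilt tree that is harmless, but any consumer that sees the raw mask would now read the old chdir bit as an open request; examples are a module built against the previous header or a filesystem that forwards the mask unmodified. Either keep `MAY_OPEN` at 64 and leave 32 unused, or note the renumbering on the define, e.g. `/* was 64 until MAY_CHDIR (32) was removed */`.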
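--- a/include/linux/namei.h
+++ b/include/linux/namei.h
@@ -53,7 +53,6 @@
 */
 #define LOOKUP_OPEN (0x0100)
 #define LOOKUP_CREATE (0x0200)
-#define LOOKUP_ACCESS (0x0400)
 
 extern int __user_walk(const char __user *, unsigned, struct nameidata *);
 extern int __user_walk_fd(int dfd, const char __user *, unsigned, struct nameidata *);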