* [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
@ 2009-05-09 2:55 Frank Filz
2009-05-13 8:50 ` Eugene Teo
0 siblings, 1 reply; 7+ messages in thread
From: Frank Filz @ 2009-05-09 2:55 UTC (permalink / raw)
To: NFS List, NFS V4 Mailing List; +Cc: Bruce Fields, Trond Myklebust
The problem is that permission checking is skipped if atomic open is
possible, but when exec opens a file, it just opens it O_READONLY which
means EXEC permission will not be checked at that time.
This problem is observed by the following sequence (executed as root):
mount -t nfs4 server:/ /mnt4
echo "ls" >/mnt4/foo
chmod 744 /mnt4/foo
su guest -c "mnt4/foo"
Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
---
fs/nfs/dir.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 370b190..89f98e9 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1943,7 +1943,8 @@ int nfs_permission(struct inode *inode, int mask)
case S_IFREG:
/* NFSv4 has atomic_open... */
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
- && (mask & MAY_OPEN))
+ && (mask & MAY_OPEN)
+ && !(mask & MAY_EXEC))
goto out;
break;
case S_IFDIR:
--
1.5.2.2
------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
_______________________________________________
Please note that nfs@lists.sourceforge.net is being discontinued.
Please subscribe to linux-nfs@vger.kernel.org instead.
http://vger.kernel.org/vger-lists.html#linux-nfs
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
2009-05-09 2:55 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission Frank Filz
@ 2009-05-13 8:50 ` Eugene Teo
0 siblings, 0 replies; 7+ messages in thread
From: Eugene Teo @ 2009-05-13 8:50 UTC (permalink / raw)
To: Frank Filz; +Cc: linux-nfs, nfsv4
Frank Filz wrote:
> The problem is that permission checking is skipped if atomic open is
> possible, but when exec opens a file, it just opens it O_READONLY which
> means EXEC permission will not be checked at that time.
>
> This problem is observed by the following sequence (executed as root):
>
> mount -t nfs4 server:/ /mnt4
> echo "ls" >/mnt4/foo
> chmod 744 /mnt4/foo
> su guest -c "mnt4/foo"
>
> Signed-off-by: Frank Filz <ffilzlnx at us.ibm.com>
Tested-by: Eugene Teo <eugeneteo@kernel.sg>
I have tested this on 2.6.29.3, and I can confirm that the patch fixed
the problem.
Btw, this looks like the same problem that was reported in 2006:
http://linux-nfs.org/pipermail/nfsv4/2006-November/005323.html
http://linux-nfs.org/pipermail/nfsv4/2006-November/005313.html
http://bugzilla.linux-nfs.org/show_bug.cgi?id=131
Thanks, Eugene
_______________________________________________
NFSv4 mailing list
NFSv4@linux-nfs.org
http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
2009-05-18 19:29 ` Frank Filz
@ 2009-05-19 0:13 ` Eugene Teo
-1 siblings, 0 replies; 7+ messages in thread
From: Eugene Teo @ 2009-05-19 0:13 UTC (permalink / raw)
To: Frank Filz
Cc: NFS List, NFS V4 Mailing List, Linux Kernel Mailing List,
security, Trond Myklebust, Bruce Fields
Frank Filz wrote:
> Sorry for the resend, got lkml address wrong...
>
> The problem is that permission checking is skipped if atomic open is
> possible, but when exec opens a file, it just opens it O_READONLY which
> means EXEC permission will not be checked at that time.
>
> This problem is observed by the following sequence (executed as root):
>
> mount -t nfs4 server:/ /mnt4
> echo "ls" >/mnt4/foo
> chmod 744 /mnt4/foo
> su guest -c "mnt4/foo"
>
> Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
Tested-by: Eugene Teo <eugeneteo@kernel.sg>
Thanks, Eugene
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
@ 2009-05-19 0:13 ` Eugene Teo
0 siblings, 0 replies; 7+ messages in thread
From: Eugene Teo @ 2009-05-19 0:13 UTC (permalink / raw)
To: Frank Filz
Cc: NFS List, NFS V4 Mailing List, Linux Kernel Mailing List,
security, Trond Myklebust, Bruce Fields
Frank Filz wrote:
> Sorry for the resend, got lkml address wrong...
>
> The problem is that permission checking is skipped if atomic open is
> possible, but when exec opens a file, it just opens it O_READONLY which
> means EXEC permission will not be checked at that time.
>
> This problem is observed by the following sequence (executed as root):
>
> mount -t nfs4 server:/ /mnt4
> echo "ls" >/mnt4/foo
> chmod 744 /mnt4/foo
> su guest -c "mnt4/foo"
>
> Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
Tested-by: Eugene Teo <eugeneteo-X4ZF2iejbADYtjvyW6yDsg@public.gmane.org>
Thanks, Eugene
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
@ 2009-05-18 19:29 ` Frank Filz
0 siblings, 0 replies; 7+ messages in thread
From: Frank Filz @ 2009-05-18 19:29 UTC (permalink / raw)
To: NFS List, NFS V4 Mailing List, Linux Kernel Mailing List
Cc: Eugene Teo, security, Trond Myklebust, Bruce Fields
Sorry for the resend, got lkml address wrong...
The problem is that permission checking is skipped if atomic open is
possible, but when exec opens a file, it just opens it O_READONLY which
means EXEC permission will not be checked at that time.
This problem is observed by the following sequence (executed as root):
mount -t nfs4 server:/ /mnt4
echo "ls" >/mnt4/foo
chmod 744 /mnt4/foo
su guest -c "mnt4/foo"
Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
---
fs/nfs/dir.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 370b190..89f98e9 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1943,7 +1943,8 @@ int nfs_permission(struct inode *inode, int mask)
case S_IFREG:
/* NFSv4 has atomic_open... */
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
- && (mask & MAY_OPEN))
+ && (mask & MAY_OPEN)
+ && !(mask & MAY_EXEC))
goto out;
break;
case S_IFDIR:
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
@ 2009-05-18 19:29 ` Frank Filz
0 siblings, 0 replies; 7+ messages in thread
From: Frank Filz @ 2009-05-18 19:29 UTC (permalink / raw)
To: NFS List, NFS V4 Mailing List, Linux Kernel Mailing List
Cc: Eugene Teo, security, Trond Myklebust, Bruce Fields
Sorry for the resend, got lkml address wrong...
The problem is that permission checking is skipped if atomic open is
possible, but when exec opens a file, it just opens it O_READONLY which
means EXEC permission will not be checked at that time.
This problem is observed by the following sequence (executed as root):
mount -t nfs4 server:/ /mnt4
echo "ls" >/mnt4/foo
chmod 744 /mnt4/foo
su guest -c "mnt4/foo"
Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
---
fs/nfs/dir.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 370b190..89f98e9 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1943,7 +1943,8 @@ int nfs_permission(struct inode *inode, int mask)
case S_IFREG:
/* NFSv4 has atomic_open... */
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
- && (mask & MAY_OPEN))
+ && (mask & MAY_OPEN)
+ && !(mask & MAY_EXEC))
goto out;
break;
case S_IFDIR:
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission.
@ 2009-05-18 19:25 Frank Filz
0 siblings, 0 replies; 7+ messages in thread
From: Frank Filz @ 2009-05-18 19:25 UTC (permalink / raw)
To: NFS List, NFS V4 Mailing List, Linux Kernel Mailing List
Cc: Eugene Teo, security, Trond Myklebust, Bruce Fields
The problem is that permission checking is skipped if atomic open is
possible, but when exec opens a file, it just opens it O_READONLY which
means EXEC permission will not be checked at that time.
This problem is observed by the following sequence (executed as root):
mount -t nfs4 server:/ /mnt4
echo "ls" >/mnt4/foo
chmod 744 /mnt4/foo
su guest -c "mnt4/foo"
Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com>
---
fs/nfs/dir.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 370b190..89f98e9 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1943,7 +1943,8 @@ int nfs_permission(struct inode *inode, int mask)
case S_IFREG:
/* NFSv4 has atomic_open... */
if (nfs_server_capable(inode, NFS_CAP_ATOMIC_OPEN)
- && (mask & MAY_OPEN))
+ && (mask & MAY_OPEN)
+ && !(mask & MAY_EXEC))
goto out;
break;
case S_IFDIR:
^ permalink raw reply related [flat|nested] 7+ messages in thread
end of thread, other threads:[~2009-05-19 0:14 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-05-09 2:55 [NFS] [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission Frank Filz
2009-05-13 8:50 ` Eugene Teo
2009-05-18 19:25 Frank Filz
2009-05-18 19:29 Frank Filz
2009-05-18 19:29 ` Frank Filz
2009-05-19 0:13 ` Eugene Teo
2009-05-19 0:13 ` Eugene Teo
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.