From: Pavel Shilovsky <piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org> To: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Subject: [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems Date: Fri, 30 Nov 2012 14:20:38 +0400 [thread overview] Message-ID: <1354270840-7272-2-git-send-email-piastry@etersoft.ru> (raw) In-Reply-To: <1354270840-7272-1-git-send-email-piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org> This patch adds 3 flags: 1) O_DENYREAD that doesn't permit read access 2) O_DENYWRITE that doesn't permit write access 3) O_DENYDELETE that doesn't permit delete or rename Network filesystems CIFS, SMB2.0, SMB3.0 and NFSv4 have such flags - this change can benefit cifs and nfs modules. While this change is ok for network filesystems, itsn't not targeted for local filesystems due to security problems (e.g. when a user process can deny root to delete a file). Signed-off-by: Pavel Shilovsky <piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org> --- fs/fcntl.c | 5 +++-- include/uapi/asm-generic/fcntl.h | 11 +++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/fs/fcntl.c b/fs/fcntl.c index 71a600a..7abce5a 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -730,14 +730,15 @@ static int __init fcntl_init(void) * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY * is defined as O_NONBLOCK on some platforms and not on others. */ - BUILD_BUG_ON(19 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( + BUILD_BUG_ON(22 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | O_APPEND | /* O_NONBLOCK | */ __O_SYNC | O_DSYNC | FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | O_NOATIME | O_CLOEXEC | - __FMODE_EXEC | O_PATH + __FMODE_EXEC | O_PATH | O_DENYREAD | + O_DENYWRITE | O_DENYDELETE )); fasync_cache = kmem_cache_create("fasync_cache", diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h index a48937d..5ac0d49 100644 --- a/include/uapi/asm-generic/fcntl.h +++ b/include/uapi/asm-generic/fcntl.h @@ -84,6 +84,17 @@ #define O_PATH 010000000 #endif +#ifndef O_DENYREAD +#define O_DENYREAD 020000000 /* Do not permit read access */ +#endif +#ifndef O_DENYWRITE +#define O_DENYWRITE 040000000 /* Do not permit write access */ +#endif +/* FMODE_NONOTIFY 0100000000 */ +#ifndef O_DENYDELETE +#define O_DENYDELETE 0200000000 /* Do not permit delete or rename */ +#endif + #ifndef O_NDELAY #define O_NDELAY O_NONBLOCK #endif -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Pavel Shilovsky <piastry@etersoft.ru> To: linux-cifs@vger.kernel.org, linux-nfs@vger.kernel.org Subject: [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems Date: Fri, 30 Nov 2012 14:20:38 +0400 [thread overview] Message-ID: <1354270840-7272-2-git-send-email-piastry@etersoft.ru> (raw) In-Reply-To: <1354270840-7272-1-git-send-email-piastry@etersoft.ru> This patch adds 3 flags: 1) O_DENYREAD that doesn't permit read access 2) O_DENYWRITE that doesn't permit write access 3) O_DENYDELETE that doesn't permit delete or rename Network filesystems CIFS, SMB2.0, SMB3.0 and NFSv4 have such flags - this change can benefit cifs and nfs modules. While this change is ok for network filesystems, itsn't not targeted for local filesystems due to security problems (e.g. when a user process can deny root to delete a file). Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> --- fs/fcntl.c | 5 +++-- include/uapi/asm-generic/fcntl.h | 11 +++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/fs/fcntl.c b/fs/fcntl.c index 71a600a..7abce5a 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -730,14 +730,15 @@ static int __init fcntl_init(void) * Exceptions: O_NONBLOCK is a two bit define on parisc; O_NDELAY * is defined as O_NONBLOCK on some platforms and not on others. */ - BUILD_BUG_ON(19 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( + BUILD_BUG_ON(22 - 1 /* for O_RDONLY being 0 */ != HWEIGHT32( O_RDONLY | O_WRONLY | O_RDWR | O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC | O_APPEND | /* O_NONBLOCK | */ __O_SYNC | O_DSYNC | FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | O_NOATIME | O_CLOEXEC | - __FMODE_EXEC | O_PATH + __FMODE_EXEC | O_PATH | O_DENYREAD | + O_DENYWRITE | O_DENYDELETE )); fasync_cache = kmem_cache_create("fasync_cache", diff --git a/include/uapi/asm-generic/fcntl.h b/include/uapi/asm-generic/fcntl.h index a48937d..5ac0d49 100644 --- a/include/uapi/asm-generic/fcntl.h +++ b/include/uapi/asm-generic/fcntl.h @@ -84,6 +84,17 @@ #define O_PATH 010000000 #endif +#ifndef O_DENYREAD +#define O_DENYREAD 020000000 /* Do not permit read access */ +#endif +#ifndef O_DENYWRITE +#define O_DENYWRITE 040000000 /* Do not permit write access */ +#endif +/* FMODE_NONOTIFY 0100000000 */ +#ifndef O_DENYDELETE +#define O_DENYDELETE 0200000000 /* Do not permit delete or rename */ +#endif + #ifndef O_NDELAY #define O_NDELAY O_NONBLOCK #endif -- 1.7.10.4
next prev parent reply other threads:[~2012-11-30 10:20 UTC|newest] Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-11-30 10:20 [PATCH 0/3] Add O_DENY* flags to fcntl and cifs Pavel Shilovsky 2012-11-30 10:20 ` Pavel Shilovsky [not found] ` <1354270840-7272-1-git-send-email-piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org> 2012-11-30 10:20 ` Pavel Shilovsky [this message] 2012-11-30 10:20 ` [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems Pavel Shilovsky 2012-11-30 10:20 ` [PATCH 2/3] CIFS: Add O_DENY* open flags support Pavel Shilovsky 2012-11-30 10:20 ` Pavel Shilovsky 2012-11-30 10:20 ` [PATCH 3/3] CIFS: Use NT_CREATE_ANDX command for forcemand mounts Pavel Shilovsky 2012-11-30 10:20 ` Pavel Shilovsky 2012-11-30 11:10 ` [PATCH 0/3] Add O_DENY* flags to fcntl and cifs Pavel Shilovsky 2012-11-30 11:10 ` Pavel Shilovsky -- strict thread matches above, loose matches on Subject: below -- 2012-12-06 18:26 Pavel Shilovsky [not found] ` <1354818391-7968-1-git-send-email-piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org> 2012-12-06 18:26 ` [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems Pavel Shilovsky 2012-12-06 18:26 ` Pavel Shilovsky 2012-11-21 14:25 [PATCH 0/3] Add O_DENY* flags to fcntl and cifs Pavel Shilovsky [not found] ` <1353507930-10908-1-git-send-email-piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org> 2012-11-21 14:25 ` [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems Pavel Shilovsky
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1354270840-7272-2-git-send-email-piastry@etersoft.ru \ --to=piastry-7qunaywfiewox3rin2dayq@public.gmane.org \ --cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ --cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.