diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2009-12-16 01:01:38 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-12-16 12:16:45 -0500 |
| commit | b75b5086be6504132eadb22a907854e0bf52e365 (patch) | |
| tree | b9859bcb09d12bb2a1dcfd5c3cecf303c2c02d1b | |
| parent | 6e6b1bd1e739faf4fa259fc0d8bfcadea2493222 (diff) | |
Sanitize exec_permission_lite()
Use the sucker in other places in pathname resolution
that check MAY_EXEC for directories; lose the _lite
from name, it's equivalent of full-blown inode_permission()
for its callers (albeit still lighter, since large parts
of generic_permission() do not apply for pure MAY_EXEC).
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | fs/namei.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/fs/namei.c b/fs/namei.c index 020bb082d0b9..8c8b379b94a4 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -412,16 +412,15 @@ do_revalidate(struct dentry *dentry, struct nameidata *nd) | |||
| 412 | } | 412 | } |
| 413 | 413 | ||
| 414 | /* | 414 | /* |
| 415 | * Short-cut version of permission(), for calling by | 415 | * Short-cut version of permission(), for calling on directories |
| 416 | * path_walk(), when dcache lock is held. Combines parts | 416 | * during pathname resolution. Combines parts of permission() |
| 417 | * of permission() and generic_permission(), and tests ONLY for | 417 | * and generic_permission(), and tests ONLY for MAY_EXEC permission. |
| 418 | * MAY_EXEC permission. | ||
| 419 | * | 418 | * |
| 420 | * If appropriate, check DAC only. If not appropriate, or | 419 | * If appropriate, check DAC only. If not appropriate, or |
| 421 | * short-cut DAC fails, then call permission() to do more | 420 | * short-cut DAC fails, then call ->permission() to do more |
| 422 | * complete permission check. | 421 | * complete permission check. |
| 423 | */ | 422 | */ |
| 424 | static int exec_permission_lite(struct inode *inode) | 423 | static int exec_permission(struct inode *inode) |
| 425 | { | 424 | { |
| 426 | int ret; | 425 | int ret; |
| 427 | 426 | ||
| @@ -807,7 +806,7 @@ static int link_path_walk(const char *name, struct nameidata *nd) | |||
| 807 | unsigned int c; | 806 | unsigned int c; |
| 808 | 807 | ||
| 809 | nd->flags |= LOOKUP_CONTINUE; | 808 | nd->flags |= LOOKUP_CONTINUE; |
| 810 | err = exec_permission_lite(inode); | 809 | err = exec_permission(inode); |
| 811 | if (err) | 810 | if (err) |
| 812 | break; | 811 | break; |
| 813 | 812 | ||
| @@ -1155,7 +1154,7 @@ static struct dentry *lookup_hash(struct nameidata *nd) | |||
| 1155 | { | 1154 | { |
| 1156 | int err; | 1155 | int err; |
| 1157 | 1156 | ||
| 1158 | err = inode_permission(nd->path.dentry->d_inode, MAY_EXEC); | 1157 | err = exec_permission(nd->path.dentry->d_inode); |
| 1159 | if (err) | 1158 | if (err) |
| 1160 | return ERR_PTR(err); | 1159 | return ERR_PTR(err); |
| 1161 | return __lookup_hash(&nd->last, nd->path.dentry, nd); | 1160 | return __lookup_hash(&nd->last, nd->path.dentry, nd); |
| @@ -1205,7 +1204,7 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) | |||
| 1205 | if (err) | 1204 | if (err) |
| 1206 | return ERR_PTR(err); | 1205 | return ERR_PTR(err); |
| 1207 | 1206 | ||
| 1208 | err = inode_permission(base->d_inode, MAY_EXEC); | 1207 | err = exec_permission(base->d_inode); |
| 1209 | if (err) | 1208 | if (err) |
| 1210 | return ERR_PTR(err); | 1209 | return ERR_PTR(err); |
| 1211 | return __lookup_hash(&this, base, NULL); | 1210 | return __lookup_hash(&this, base, NULL); |