diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2008-07-22 00:02:33 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-07-26 20:53:30 -0400 |
| commit | 30524472c2f728c20d6bf35191042a5d455c0a64 (patch) | |
| tree | e9985d3883b45c4a9f5ef8185fa79c7b568bb4bd | |
| parent | e56b6a5dda1a36ffaa532df6f975ea324298fa4d (diff) | |
[PATCH] take noexec checks to very few callers that care
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | fs/exec.c | 7 | ||||
| -rw-r--r-- | fs/namei.c | 9 | ||||
| -rw-r--r-- | fs/open.c | 10 |
3 files changed, 17 insertions, 9 deletions
| @@ -118,6 +118,10 @@ asmlinkage long sys_uselib(const char __user * library) | |||
| 118 | if (!S_ISREG(nd.path.dentry->d_inode->i_mode)) | 118 | if (!S_ISREG(nd.path.dentry->d_inode->i_mode)) |
| 119 | goto exit; | 119 | goto exit; |
| 120 | 120 | ||
| 121 | error = -EACCES; | ||
| 122 | if (nd.path.mnt->mnt_flags & MNT_NOEXEC) | ||
| 123 | goto exit; | ||
| 124 | |||
| 121 | error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN); | 125 | error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN); |
| 122 | if (error) | 126 | if (error) |
| 123 | goto exit; | 127 | goto exit; |
| @@ -668,6 +672,9 @@ struct file *open_exec(const char *name) | |||
| 668 | if (!S_ISREG(nd.path.dentry->d_inode->i_mode)) | 672 | if (!S_ISREG(nd.path.dentry->d_inode->i_mode)) |
| 669 | goto out_path_put; | 673 | goto out_path_put; |
| 670 | 674 | ||
| 675 | if (nd.path.mnt->mnt_flags & MNT_NOEXEC) | ||
| 676 | goto out_path_put; | ||
| 677 | |||
| 671 | err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN); | 678 | err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN); |
| 672 | if (err) | 679 | if (err) |
| 673 | goto out_path_put; | 680 | goto out_path_put; |
diff --git a/fs/namei.c b/fs/namei.c index 6d75430358ac..396cb3e5c364 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -252,15 +252,6 @@ int permission(struct inode *inode, int mask, struct nameidata *nd) | |||
| 252 | return -EACCES; | 252 | return -EACCES; |
| 253 | } | 253 | } |
| 254 | 254 | ||
| 255 | if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) { | ||
| 256 | /* | ||
| 257 | * MAY_EXEC on regular files is denied if the fs is mounted | ||
| 258 | * with the "noexec" flag. | ||
| 259 | */ | ||
| 260 | if (mnt && (mnt->mnt_flags & MNT_NOEXEC)) | ||
| 261 | return -EACCES; | ||
| 262 | } | ||
| 263 | |||
| 264 | /* Ordinary permission routines do not understand MAY_APPEND. */ | 255 | /* Ordinary permission routines do not understand MAY_APPEND. */ |
| 265 | if (inode->i_op && inode->i_op->permission) { | 256 | if (inode->i_op && inode->i_op->permission) { |
| 266 | retval = inode->i_op->permission(inode, mask); | 257 | retval = inode->i_op->permission(inode, mask); |
| @@ -461,6 +461,16 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) | |||
| 461 | if (res) | 461 | if (res) |
| 462 | goto out; | 462 | goto out; |
| 463 | 463 | ||
| 464 | if ((mode & MAY_EXEC) && S_ISREG(nd.path.dentry->d_inode->i_mode)) { | ||
| 465 | /* | ||
| 466 | * MAY_EXEC on regular files is denied if the fs is mounted | ||
| 467 | * with the "noexec" flag. | ||
| 468 | */ | ||
| 469 | res = -EACCES; | ||
| 470 | if (nd.path.mnt->mnt_flags & MNT_NOEXEC) | ||
| 471 | goto out_path_release; | ||
| 472 | } | ||
| 473 | |||
| 464 | res = vfs_permission(&nd, mode | MAY_ACCESS); | 474 | res = vfs_permission(&nd, mode | MAY_ACCESS); |
| 465 | /* SuS v2 requires we report a read only fs too */ | 475 | /* SuS v2 requires we report a read only fs too */ |
| 466 | if(res || !(mode & S_IWOTH) || | 476 | if(res || !(mode & S_IWOTH) || |