aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/cipher.c
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@citi.umich.edu>2009-11-25 17:42:05 -0500
committerJ. Bruce Fields <bfields@citi.umich.edu>2009-11-25 17:55:46 -0500
commit864f0f61f829bac5f150a903aad9619322a25424 (patch)
tree77a864ab5538255dfba454d13f67de60807f2973 /crypto/cipher.c
parent9b8b317d58084b9a44f6f33b355c4278d9f841fb (diff)
nfsd: simplify fh_verify access checks
All nfsd security depends on the security checks in fh_verify, and especially on nfsd_setuser(). It therefore bothers me that the nfsd_setuser call may be made from three different places, depending on whether the filehandle has already been mapped to a dentry, and on whether subtreechecking is in force. Instead, make an unconditional call in fh_verify(), so it's trivial to verify that the call always occurs. That leaves us with a redundant nfsd_setuser() call in the subtreecheck case--it needs the correct user set earlier in order to check execute permissions on the path to this filehandle--but I'm willing to accept that minor inefficiency in the subtreecheck case in return for more straightforward permission checking. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Diffstat (limited to 'crypto/cipher.c')
0 files changed, 0 insertions, 0 deletions