mirror of
https://github.com/torvalds/linux.git
synced 2024-10-30 16:51:45 +00:00
d91d0b5690
We normally allow the owner of a file to override permissions checks on IO operations, since: - the client will take responsibility for doing an access check on open; - the permission checks offer no protection against malicious clients--if they can authenticate as the file's owner then they can always just change its permissions; - checking permission on each IO operation breaks the usual posix rule that permission is checked only on open. However, we've never allowed the owner to override permissions on readdir operations, even though the above logic would also apply to directories. I've never heard of this causing a problem, probably because a) simultaneously opening and creating a directory (with restricted mode) isn't possible, and b) opening a directory, then chmod'ing it, is rare. Our disallowal of owner-override on directories appears to be an accident, though--the readdir itself succeeds, and then we fail just because lookup_one_len() calls in our filldir methods fail. I'm not sure what the easiest fix for that would be. For now, just make this behavior obvious by denying the override right at the start. This also fixes some odd v4 behavior: with the rdattr_error attribute requested, it would perform the readdir but return an ACCES error with each entry. Signed-off-by: J. Bruce Fields <bfields@redhat.com> |
||
---|---|---|
.. | ||
acl.h | ||
auth.c | ||
auth.h | ||
cache.h | ||
current_stateid.h | ||
export.c | ||
fault_inject.c | ||
fault_inject.h | ||
idmap.h | ||
Kconfig | ||
lockd.c | ||
Makefile | ||
netns.h | ||
nfs2acl.c | ||
nfs3acl.c | ||
nfs3proc.c | ||
nfs3xdr.c | ||
nfs4acl.c | ||
nfs4callback.c | ||
nfs4idmap.c | ||
nfs4proc.c | ||
nfs4recover.c | ||
nfs4state.c | ||
nfs4xdr.c | ||
nfscache.c | ||
nfsctl.c | ||
nfsd.h | ||
nfsfh.c | ||
nfsfh.h | ||
nfsproc.c | ||
nfssvc.c | ||
nfsxdr.c | ||
state.h | ||
stats.c | ||
vfs.c | ||
vfs.h | ||
xdr3.h | ||
xdr4.h | ||
xdr.h |