xfs
[Top] [All Lists]

TAKE - Fix root exec access checks on files with acls

Subject: TAKE - Fix root exec access checks on files with acls
From: Eric Sandeen <sandeen@xxxxxxx>
Date: Wed, 23 Oct 2002 09:01:12 -0500
Sender: linux-xfs-bounce@xxxxxxxxxxx
Fix root exec access checks on files with acls

The standard VFS access checks look for at least one +x
bit set before allowing root (CAP_DAC_OVERRIDE) exec
access to the file.

This does the analogous thing for files with acls, looking
for at least 1 effective +x ace on the file before granting
root/CAP_DAC_OVERRIDE exec access.

There has been some discussion on the acl-devel list that
-any- +x on -any- ace (even only the mask) should allow
exec access for root, but I think this method (checking
for effective +x) makes more sense.  Easy enough to
change if the consensus shifts.

This should close internal bug 870306, although I forgot
to tell ptools that. :)

Date:  Wed Oct 23 07:00:12 PDT 2002
Workarea:  
stout.americas.sgi.com:/localhome/src/sandeen/2.4.x-xfs/workarea-alwaysclean

The following file(s) were checked into:
  bonnie.engr.sgi.com:/isms/slinx/2.4.x-xfs


Modid:  2.4.x-xfs:slinx:130837a
linux/fs/xfs/xfs_acl.c - 1.37
        - When checking for CAP_DAC_OVERRIDE exec access on files
          with acls, look for an effective exec permission in the
          acls before granting access.



<Prev in Thread] Current Thread [Next in Thread>