xfs
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

TAKE - Fix root exec access checks on files with acls

from [Eric Sandeen] [Permanent Link][Original]
Subject: TAKE - Fix root exec access checks on files with acls
From: Eric Sandeen <sandeen@xxxxxxx>
Date: Wed, 23 Oct 2002 09:01:12 -0500
Sender: linux-xfs-bounce@xxxxxxxxxxx 
Fix root exec access checks on files with acls

The standard VFS access checks look for at least one +x
bit set before allowing root (CAP_DAC_OVERRIDE) exec
access to the file.

This does the analogous thing for files with acls, looking
for at least 1 effective +x ace on the file before granting
root/CAP_DAC_OVERRIDE exec access.

There has been some discussion on the acl-devel list that
-any- +x on -any- ace (even only the mask) should allow
exec access for root, but I think this method (checking
for effective +x) makes more sense.  Easy enough to
change if the consensus shifts.

This should close internal bug 870306, although I forgot
to tell ptools that. :)

Date:  Wed Oct 23 07:00:12 PDT 2002
Workarea:  
stout.americas.sgi.com:/localhome/src/sandeen/2.4.x-xfs/workarea-alwaysclean

The following file(s) were checked into:
  bonnie.engr.sgi.com:/isms/slinx/2.4.x-xfs


Modid:  2.4.x-xfs:slinx:130837a
linux/fs/xfs/xfs_acl.c - 1.37
        - When checking for CAP_DAC_OVERRIDE exec access on files
          with acls, look for an effective exec permission in the
          acls before granting access.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Ë÷ÎÄ·­ÒëÓÐÏÞ¹«Ë¾£¬±ÊÒë¡¢¿ÚÒë¡¢ÍøÕ¾±¾µØ»¯--www.soven.com, 索文翻译公司
Next by Date:  Re: PATCH: sleeping while holding a lock in _pagebuf_free_bh()::page_buf.c, Christoph Hellwig
Previous by Thread:  Ë÷ÎÄ·­ÒëÓÐÏÞ¹«Ë¾£¬±ÊÒë¡¢¿ÚÒë¡¢ÍøÕ¾±¾µØ»¯--www.soven.com, 索文翻译公司
Next by Thread:  RE: TAKE - Fix root exec access checks on files with acls, Kostadin Karaivanov
Indexes:  [Date] [Thread] [Top] [All Lists]