Hi Linux,
vfs_permission in the Linux 2.4 series tries to check for
CAP_DAC_OVERRIDE if the modes didn't match. This means even
for an file without executable bits set at all, root will
be reported that it is. I've actually found one apllication
(scomail under linux-abi) that fails because of this, besides
not matching my reading of Posix 1003.1e.
Of the operating systems with capabilty-like features at least
OpenUNIX gets it right, of the others at least OpenServer and
4.4BSD, but these semantics seem natural to me anyway..
Please aplly the attached patch.
Christoph
-- Whip me. Beat me. Make me maintain AIX.--- linux.really_plain/fs/namei.c Wed Aug 8 17:56:58 2001 +++ linux.plain/fs/namei.c Wed Aug 8 18:13:22 2001 @@ -163,9 +163,13 @@ else if (in_group_p(inode->i_gid)) mode >>= 3; - if (((mode & mask & S_IRWXO) == mask) || capable(CAP_DAC_OVERRIDE)) + if (((mode & mask & S_IRWXO) == mask)) return 0; + if (!(mask & S_IXOTH) || S_ISDIR(inode->i_mode)) + if (capable(CAP_DAC_OVERRIDE)) + return 0; + /* read and search access */ if ((mask == S_IROTH) || (S_ISDIR(inode->i_mode) && !(mask & ~(S_IROTH | S_IXOTH)))) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Aug 15 2001 - 21:00:18 EST