Re: [PATCH] missing checks in exec_permission_light()

From: Daniel Pittman (daniel@rimspace.net)
Date: Wed May 01 2002 - 03:03:56 EST


On Tue, 30 Apr 2002, Alexander Viro wrote:
> Missing checks added...
>
> diff -urN C12-0/fs/namei.c C12-current/fs/namei.c
> --- C12-0/fs/namei.c Tue Apr 30 20:23:38 2002
> +++ C12-current/fs/namei.c Tue Apr 30 23:37:15 2002
> @@ -324,6 +324,12 @@
> if (mode & MAY_EXEC)
> return 0;
>
> + if ((inode->i_mode & S_IXUGO) && capable(CAP_DAC_OVERRIDE))
> + return 0;
> +
> + if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
> + return 0;
> +
> return -EACCES;
> }

Looking at this it seems that it would explain the odd set of errors I
got reported during bootup under 2.5.12 -- a set of "permission denied"
errors from find(1) where, under 2.5.6, none had occurred.

These were on directories that are not owner by root, with the process
running as root.

I can look deeper into the problem, though, if you don't think that this
is the cause of it.

Regards,
        Daniel

-- 
It is easier to build strong children than to repair broken men.
        -- Frederick Douglas
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Tue May 07 2002 - 22:00:10 EST