summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2008-07-22 00:02:33 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2008-07-26 20:53:30 -0400
commit30524472c2f728c20d6bf35191042a5d455c0a64 (patch)
treee9985d3883b45c4a9f5ef8185fa79c7b568bb4bd /fs
parente56b6a5dda1a36ffaa532df6f975ea324298fa4d (diff)
[PATCH] take noexec checks to very few callers that care
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r--fs/exec.c7
-rw-r--r--fs/namei.c9
-rw-r--r--fs/open.c10
3 files changed, 17 insertions, 9 deletions
diff --git a/fs/exec.c b/fs/exec.c
index 346e3f69c6e0..eca58c29eded 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -118,6 +118,10 @@ asmlinkage long sys_uselib(const char __user * library)
if (!S_ISREG(nd.path.dentry->d_inode->i_mode))
goto exit;
+ error = -EACCES;
+ if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
+ goto exit;
+
error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN);
if (error)
goto exit;
@@ -668,6 +672,9 @@ struct file *open_exec(const char *name)
if (!S_ISREG(nd.path.dentry->d_inode->i_mode))
goto out_path_put;
+ if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
+ goto out_path_put;
+
err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN);
if (err)
goto out_path_put;
diff --git a/fs/namei.c b/fs/namei.c
index 6d75430358ac..396cb3e5c364 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -252,15 +252,6 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
return -EACCES;
}
- if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
- /*
- * MAY_EXEC on regular files is denied if the fs is mounted
- * with the "noexec" flag.
- */
- if (mnt && (mnt->mnt_flags & MNT_NOEXEC))
- return -EACCES;
- }
-
/* Ordinary permission routines do not understand MAY_APPEND. */
if (inode->i_op && inode->i_op->permission) {
retval = inode->i_op->permission(inode, mask);
diff --git a/fs/open.c b/fs/open.c
index 3b3c43674be3..d5e421ad0cf6 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -461,6 +461,16 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
if (res)
goto out;
+ if ((mode & MAY_EXEC) && S_ISREG(nd.path.dentry->d_inode->i_mode)) {
+ /*
+ * MAY_EXEC on regular files is denied if the fs is mounted
+ * with the "noexec" flag.
+ */
+ res = -EACCES;
+ if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
+ goto out_path_release;
+ }
+
res = vfs_permission(&nd, mode | MAY_ACCESS);
/* SuS v2 requires we report a read only fs too */
if(res || !(mode & S_IWOTH) ||