diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2008-07-22 00:02:33 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-07-26 20:53:30 -0400 |
commit | 30524472c2f728c20d6bf35191042a5d455c0a64 (patch) | |
tree | e9985d3883b45c4a9f5ef8185fa79c7b568bb4bd /fs/open.c | |
parent | e56b6a5dda1a36ffaa532df6f975ea324298fa4d (diff) | |
download | kernel-crypto-30524472c2f728c20d6bf35191042a5d455c0a64.tar.gz kernel-crypto-30524472c2f728c20d6bf35191042a5d455c0a64.tar.xz kernel-crypto-30524472c2f728c20d6bf35191042a5d455c0a64.zip |
[PATCH] take noexec checks to very few callers that care
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/open.c')
-rw-r--r-- | fs/open.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/fs/open.c b/fs/open.c index 3b3c43674be..d5e421ad0cf 100644 --- a/fs/open.c +++ b/fs/open.c @@ -461,6 +461,16 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode) if (res) goto out; + if ((mode & MAY_EXEC) && S_ISREG(nd.path.dentry->d_inode->i_mode)) { + /* + * MAY_EXEC on regular files is denied if the fs is mounted + * with the "noexec" flag. + */ + res = -EACCES; + if (nd.path.mnt->mnt_flags & MNT_NOEXEC) + goto out_path_release; + } + res = vfs_permission(&nd, mode | MAY_ACCESS); /* SuS v2 requires we report a read only fs too */ if(res || !(mode & S_IWOTH) || |