[patch] honour MNT_NOEXEC for access()

From: Stas Sergeev
Date: Fri Oct 06 2006 - 14:08:03 EST

Next message: Aneesh Kumar K.V: "safe_smp_processor_id i386 and x86_64"
Previous message: Deepak Saxena: "[PATCH 2.6.19-git] Fix ARM breakage due to no irq_regs.h"
In reply to: Stas Sergeev: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Next in thread: Alan Cox: "Re: [patch] honour MNT_NOEXEC for access()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Andrew.

The attached patch makes the access(X_OK) to take the
"noexec" mount option into an account.

Signed-off-by: Stas Sergeev <stsp@xxxxxxxx>
CC: Jakub Jelinek <jakub@xxxxxxxxxx>
CC: Arjan van de Ven <arjan@xxxxxxxxxxxxx>
CC: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>
CC: Hugh Dickins <hugh@xxxxxxxxxxx>
CC: Ulrich Drepper <drepper@xxxxxxxxxx>

--- a/fs/namei.c 2006-08-29 14:15:47.000000000 +0400
+++ b/fs/namei.c 2006-10-04 11:28:52.000000000 +0400
@@ -249,9 +249,11 @@

/*
* MAY_EXEC on regular files requires special handling: We override
- * filesystem execute permissions if the mode bits aren't set.
+ * filesystem execute permissions if the mode bits aren't set or
+ * the fs is mounted with the "noexec" flag.
*/
- if ((mask & MAY_EXEC) && S_ISREG(mode) && !(mode & S_IXUGO))
+ if ((mask & MAY_EXEC) && S_ISREG(mode) && (!(mode & S_IXUGO) ||
+ (nd && nd->mnt && (nd->mnt->mnt_flags & MNT_NOEXEC))))
return -EACCES;

/* Ordinary permission routines do not understand MAY_APPEND. */

Next message: Aneesh Kumar K.V: "safe_smp_processor_id i386 and x86_64"
Previous message: Deepak Saxena: "[PATCH 2.6.19-git] Fix ARM breakage due to no irq_regs.h"
In reply to: Stas Sergeev: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Next in thread: Alan Cox: "Re: [patch] honour MNT_NOEXEC for access()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]