From: Eugene Teo Subject: Re: [PATCH] nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission. Date: Tue, 19 May 2009 08:13:11 +0800 Message-ID: <4A11F997.5030602@redhat.com> References: <1242674983.4273.8.camel@dyn9047022153> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Cc: NFS List , NFS V4 Mailing List , Linux Kernel Mailing List , security@kernel.org, Trond Myklebust , Bruce Fields To: Frank Filz Return-path: Received: from mx2.redhat.com ([66.187.237.31]:39193 "EHLO mx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751854AbZESAOT (ORCPT ); Mon, 18 May 2009 20:14:19 -0400 In-Reply-To: <1242674983.4273.8.camel@dyn9047022153> Sender: linux-nfs-owner@vger.kernel.org List-ID: Frank Filz wrote: > Sorry for the resend, got lkml address wrong... > > The problem is that permission checking is skipped if atomic open is > possible, but when exec opens a file, it just opens it O_READONLY which > means EXEC permission will not be checked at that time. > > This problem is observed by the following sequence (executed as root): > > mount -t nfs4 server:/ /mnt4 > echo "ls" >/mnt4/foo > chmod 744 /mnt4/foo > su guest -c "mnt4/foo" > > Signed-off-by: Frank Filz Tested-by: Eugene Teo Thanks, Eugene