Loading fs/exec.c +2 −2 Original line number Diff line number Diff line Loading @@ -118,7 +118,7 @@ asmlinkage long sys_uselib(const char __user * library) if (!S_ISREG(nd.path.dentry->d_inode->i_mode)) goto exit; error = vfs_permission(&nd, MAY_READ | MAY_EXEC); error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN); if (error) goto exit; Loading Loading @@ -666,7 +666,7 @@ struct file *open_exec(const char *name) struct inode *inode = nd.path.dentry->d_inode; file = ERR_PTR(-EACCES); if (S_ISREG(inode->i_mode)) { int err = vfs_permission(&nd, MAY_EXEC); int err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN); file = ERR_PTR(err); if (!err) { file = nameidata_to_filp(&nd, Loading fs/namei.c +4 −9 Original line number Diff line number Diff line Loading @@ -263,12 +263,7 @@ int permission(struct inode *inode, int mask, struct nameidata *nd) /* Ordinary permission routines do not understand MAY_APPEND. */ if (inode->i_op && inode->i_op->permission) { int extra = 0; if (nd) { if (nd->flags & LOOKUP_OPEN) extra |= MAY_OPEN; } retval = inode->i_op->permission(inode, mask | extra); retval = inode->i_op->permission(inode, mask); if (!retval) { /* * Exec permission on a regular file is denied if none Loading @@ -292,7 +287,7 @@ int permission(struct inode *inode, int mask, struct nameidata *nd) return retval; return security_inode_permission(inode, mask & (MAY_READ|MAY_WRITE|MAY_EXEC), nd); mask & (MAY_READ|MAY_WRITE|MAY_EXEC)); } /** Loading Loading @@ -492,7 +487,7 @@ static int exec_permission_lite(struct inode *inode, return -EACCES; ok: return security_inode_permission(inode, MAY_EXEC, nd); return security_inode_permission(inode, MAY_EXEC); } /* Loading Loading @@ -1692,7 +1687,7 @@ struct file *do_filp_open(int dfd, const char *pathname, int will_write; int flag = open_to_namei_flags(open_flag); acc_mode = ACC_MODE(flag); acc_mode = MAY_OPEN | ACC_MODE(flag); /* O_TRUNC implies we need access checks for write permissions */ if (flag & O_TRUNC) Loading include/linux/security.h +3 −4 Original line number Diff line number Diff line Loading @@ -1362,7 +1362,7 @@ struct security_operations { struct inode *new_dir, struct dentry *new_dentry); int (*inode_readlink) (struct dentry *dentry); int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd); int (*inode_permission) (struct inode *inode, int mask); int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); void (*inode_delete) (struct inode *inode); Loading Loading @@ -1628,7 +1628,7 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry); int security_inode_readlink(struct dentry *dentry); int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd); int security_inode_permission(struct inode *inode, int mask); int security_inode_setattr(struct dentry *dentry, struct iattr *attr); int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); void security_inode_delete(struct inode *inode); Loading Loading @@ -2021,8 +2021,7 @@ static inline int security_inode_follow_link(struct dentry *dentry, return 0; } static inline int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd) static inline int security_inode_permission(struct inode *inode, int mask) { return 0; } Loading security/capability.c +1 −2 Original line number Diff line number Diff line Loading @@ -211,8 +211,7 @@ static int cap_inode_follow_link(struct dentry *dentry, return 0; } static int cap_inode_permission(struct inode *inode, int mask, struct nameidata *nd) static int cap_inode_permission(struct inode *inode, int mask) { return 0; } Loading security/security.c +2 −2 Original line number Diff line number Diff line Loading @@ -429,11 +429,11 @@ int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) return security_ops->inode_follow_link(dentry, nd); } int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd) int security_inode_permission(struct inode *inode, int mask) { if (unlikely(IS_PRIVATE(inode))) return 0; return security_ops->inode_permission(inode, mask, nd); return security_ops->inode_permission(inode, mask); } int security_inode_setattr(struct dentry *dentry, struct iattr *attr) Loading Loading
fs/exec.c +2 −2 Original line number Diff line number Diff line Loading @@ -118,7 +118,7 @@ asmlinkage long sys_uselib(const char __user * library) if (!S_ISREG(nd.path.dentry->d_inode->i_mode)) goto exit; error = vfs_permission(&nd, MAY_READ | MAY_EXEC); error = vfs_permission(&nd, MAY_READ | MAY_EXEC | MAY_OPEN); if (error) goto exit; Loading Loading @@ -666,7 +666,7 @@ struct file *open_exec(const char *name) struct inode *inode = nd.path.dentry->d_inode; file = ERR_PTR(-EACCES); if (S_ISREG(inode->i_mode)) { int err = vfs_permission(&nd, MAY_EXEC); int err = vfs_permission(&nd, MAY_EXEC | MAY_OPEN); file = ERR_PTR(err); if (!err) { file = nameidata_to_filp(&nd, Loading
fs/namei.c +4 −9 Original line number Diff line number Diff line Loading @@ -263,12 +263,7 @@ int permission(struct inode *inode, int mask, struct nameidata *nd) /* Ordinary permission routines do not understand MAY_APPEND. */ if (inode->i_op && inode->i_op->permission) { int extra = 0; if (nd) { if (nd->flags & LOOKUP_OPEN) extra |= MAY_OPEN; } retval = inode->i_op->permission(inode, mask | extra); retval = inode->i_op->permission(inode, mask); if (!retval) { /* * Exec permission on a regular file is denied if none Loading @@ -292,7 +287,7 @@ int permission(struct inode *inode, int mask, struct nameidata *nd) return retval; return security_inode_permission(inode, mask & (MAY_READ|MAY_WRITE|MAY_EXEC), nd); mask & (MAY_READ|MAY_WRITE|MAY_EXEC)); } /** Loading Loading @@ -492,7 +487,7 @@ static int exec_permission_lite(struct inode *inode, return -EACCES; ok: return security_inode_permission(inode, MAY_EXEC, nd); return security_inode_permission(inode, MAY_EXEC); } /* Loading Loading @@ -1692,7 +1687,7 @@ struct file *do_filp_open(int dfd, const char *pathname, int will_write; int flag = open_to_namei_flags(open_flag); acc_mode = ACC_MODE(flag); acc_mode = MAY_OPEN | ACC_MODE(flag); /* O_TRUNC implies we need access checks for write permissions */ if (flag & O_TRUNC) Loading
include/linux/security.h +3 −4 Original line number Diff line number Diff line Loading @@ -1362,7 +1362,7 @@ struct security_operations { struct inode *new_dir, struct dentry *new_dentry); int (*inode_readlink) (struct dentry *dentry); int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd); int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd); int (*inode_permission) (struct inode *inode, int mask); int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); void (*inode_delete) (struct inode *inode); Loading Loading @@ -1628,7 +1628,7 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry); int security_inode_readlink(struct dentry *dentry); int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd); int security_inode_permission(struct inode *inode, int mask); int security_inode_setattr(struct dentry *dentry, struct iattr *attr); int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); void security_inode_delete(struct inode *inode); Loading Loading @@ -2021,8 +2021,7 @@ static inline int security_inode_follow_link(struct dentry *dentry, return 0; } static inline int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd) static inline int security_inode_permission(struct inode *inode, int mask) { return 0; } Loading
security/capability.c +1 −2 Original line number Diff line number Diff line Loading @@ -211,8 +211,7 @@ static int cap_inode_follow_link(struct dentry *dentry, return 0; } static int cap_inode_permission(struct inode *inode, int mask, struct nameidata *nd) static int cap_inode_permission(struct inode *inode, int mask) { return 0; } Loading
security/security.c +2 −2 Original line number Diff line number Diff line Loading @@ -429,11 +429,11 @@ int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) return security_ops->inode_follow_link(dentry, nd); } int security_inode_permission(struct inode *inode, int mask, struct nameidata *nd) int security_inode_permission(struct inode *inode, int mask) { if (unlikely(IS_PRIVATE(inode))) return 0; return security_ops->inode_permission(inode, mask, nd); return security_ops->inode_permission(inode, mask); } int security_inode_setattr(struct dentry *dentry, struct iattr *attr) Loading