[PATCH] fix access() POSIX compliance

From: Andreas Gruenbacher <agruen@suse.de> The fix for permission() that makes it compliant with POSIX.1-2001 apparently was lost. Here is the patch I sent before. (The relevant lines from the standard text are cited in http://www.ussg.iu.edu/hypermail/linux/kernel/0310.2/0286.html. The fix proposed in that posting did not handle directories without execute permissions correctly.) Make permission check conform to POSIX.1-2001 The access(2) function does not conform to POSIX.1-2001: For root and a file with no permissions, access(file, MAY_READ|MAY_EXEC) returns 0 (it should return -1).

[PATCH] fix access() POSIX compliance
From: Andreas Gruenbacher <agruen@suse.de> The fix for permission() that makes it compliant with POSIX.1-2001 apparently was lost. Here is the patch I sent before. (The relevant lines from the standard text are cited in http://www.ussg.iu.edu/hypermail/linux/kernel/0310.2/0286.html. The fix proposed in that posting did not handle directories without execute permissions correctly.) Make permission check conform to POSIX.1-2001 The access(2) function does not conform to POSIX.1-2001: For root and a file with no permissions, access(file, MAY_READ|MAY_EXEC) returns 0 (it should return -1).
05789ebc · Andrew Morton · David S. Miller · 808fde0a · 05789ebc · 05789ebc
Commit 05789ebc authored Feb 18, 2004 by Andrew Morton Committed by David S. Miller Feb 18, 2004
Showing with 10 additions and 5 deletions

fs/ext2/acl.c fs/ext2/acl.c +2 -1

fs/ext3/acl.c fs/ext3/acl.c +2 -1

fs/jfs/acl.c fs/jfs/acl.c +2 -1

fs/namei.c fs/namei.c +2 -1

fs/xfs/xfs_inode.c fs/xfs/xfs_inode.c +2 -1

No files found.
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -322,7 +322,8 @@ ext2_permission(struct inode *inode, int mask, struct nameidata *nd)
 check_capabilities:
 	/* Allowed to override Discretionary Access Control? */
-	if ((mask & (MAY_READ|MAY_WRITE)) || (inode->i_mode & S_IXUGO))
+	if (!(mask & MAY_EXEC) ||
+	    (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
 		if (capable(CAP_DAC_OVERRIDE))
 			return 0;
 	/* Read and search granted if capable(CAP_DAC_READ_SEARCH) */

--- a/fs/ext3/acl.c
+++ b/fs/ext3/acl.c
@@ -327,7 +327,8 @@ ext3_permission(struct inode *inode, int mask, struct nameidata *nd)
 check_capabilities:
 	/* Allowed to override Discretionary Access Control? */
-	if ((mask & (MAY_READ|MAY_WRITE)) || (inode->i_mode & S_IXUGO))
+	if (!(mask & MAY_EXEC) ||
+	    (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
 		if (capable(CAP_DAC_OVERRIDE))
 			return 0;
 	/* Read and search granted if capable(CAP_DAC_READ_SEARCH) */

--- a/fs/jfs/acl.c
+++ b/fs/jfs/acl.c
@@ -191,7 +191,8 @@ int jfs_permission(struct inode * inode, int mask, struct nameidata *nd)
 	 * Read/write DACs are always overridable.
 	 * Executable DACs are overridable if at least one exec bit is set.
 	 */
-	if ((mask & (MAY_READ|MAY_WRITE)) || (inode->i_mode & S_IXUGO))
+	if (!(mask & MAY_EXEC) ||
+	    (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
 		if (capable(CAP_DAC_OVERRIDE))
 			return 0;

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -190,7 +190,8 @@ int vfs_permission(struct inode * inode, int mask)
 	 * Read/write DACs are always overridable.
 	 * Executable DACs are overridable if at least one exec bit is set.
 	 */
-	if ((mask & (MAY_READ|MAY_WRITE)) || (inode->i_mode & S_IXUGO))
+	if (!(mask & MAY_EXEC) ||
+	    (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
 		if (capable(CAP_DAC_OVERRIDE))
 			return 0;

--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -3707,7 +3707,8 @@ xfs_iaccess(
 	 * Read/write DACs are always overridable.
 	 * Executable DACs are overridable if at least one exec bit is set.
 	 */
-	if ((orgmode & (S_IRUSR|S_IWUSR)) || (inode->i_mode & S_IXUGO))
+	if (!(orgmode & S_IXUSR) || (inode->i_mode & S_IXUGO) ||
+	    (ip->i_d.di_mode & S_IFMT) == S_IFDIR)
 		if (capable_cred(cr, CAP_DAC_OVERRIDE))
 			return 0;