-
Neil Brown authored
Currently, an NFSv3 ACCESS check for READ permission on an eXecute-only file will succeed where it should fail. This is because nfsd_permission allows READ access to eXecute only files so that mode 711 executables can be loaded and run, and nfsd_access simply uses nfsd_permission. This patch changes nfsd_permission to only map eXecute permission to read permission of MAY_OWNER_OVERRIDE was set. This is only set when trying to read from a file, so ACCESS will no longer be tricked. This change will only affect callers of nfsd_permission that specify MAY_READ and not MAY_OWNER_OVERRIDE, and nfsd_access is the only routine that calls nfsd_permission (via fh_verify) that way.
4fe13364