diff options
| author | jh <jh@FreeBSD.org> | 2010-08-30 16:30:18 +0000 |
|---|---|---|
| committer | jh <jh@FreeBSD.org> | 2010-08-30 16:30:18 +0000 |
| commit | c2cb836190c82be4859c68f5fabd199508638762 (patch) | |
| tree | 74e3c2e0dd77b8186e54fea709c4eef6f29e2ae5 /sys/kern/subr_acl_posix1e.c | |
| parent | 8505815b26f679d50f55f4ed16b1604f2d747b4e (diff) | |
| download | FreeBSD-src-c2cb836190c82be4859c68f5fabd199508638762.zip FreeBSD-src-c2cb836190c82be4859c68f5fabd199508638762.tar.gz | |
execve(2) has a special check for file permissions: a file must have at
least one execute bit set, otherwise execve(2) will return EACCES even
for an user with PRIV_VFS_EXEC privilege.
Add the check also to vaccess(9), vaccess_acl_nfs4(9) and
vaccess_acl_posix1e(9). This makes access(2) to better agree with
execve(2). Because ZFS doesn't use vaccess(9) for VEXEC, add the check
to zfs_freebsd_access() too. There may be other file systems which are
not using vaccess*() functions and need to be handled separately.
PR: kern/125009
Reviewed by: bde, trasz
Approved by: pjd (ZFS part)
Diffstat (limited to 'sys/kern/subr_acl_posix1e.c')
| -rw-r--r-- | sys/kern/subr_acl_posix1e.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/sys/kern/subr_acl_posix1e.c b/sys/kern/subr_acl_posix1e.c index f6fc6b2..311b214 100644 --- a/sys/kern/subr_acl_posix1e.c +++ b/sys/kern/subr_acl_posix1e.c @@ -90,8 +90,14 @@ vaccess_acl_posix1e(enum vtype type, uid_t file_uid, gid_t file_gid, PRIV_VFS_LOOKUP, 0)) priv_granted |= VEXEC; } else { - if ((accmode & VEXEC) && !priv_check_cred(cred, - PRIV_VFS_EXEC, 0)) + /* + * Ensure that at least one execute bit is on. Otherwise, + * a privileged user will always succeed, and we don't want + * this to happen unless the file really is executable. + */ + if ((accmode & VEXEC) && (acl_posix1e_acl_to_mode(acl) & + (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 && + !priv_check_cred(cred, PRIV_VFS_EXEC, 0)) priv_granted |= VEXEC; } |
