From patchwork Thu Dec 15 20:31:39 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chris J Arges X-Patchwork-Id: 131724 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 00C671007D8 for ; Fri, 16 Dec 2011 07:31:51 +1100 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1RbHxv-0000BK-LY; Thu, 15 Dec 2011 20:31:43 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1RbHxs-0000AU-VG for kernel-team@lists.ubuntu.com; Thu, 15 Dec 2011 20:31:41 +0000 Received: from user-387o921.cable.mindspring.com ([208.124.36.65] helo=[192.168.11.40]) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1RbHxs-0004ev-OW for kernel-team@lists.ubuntu.com; Thu, 15 Dec 2011 20:31:40 +0000 Message-ID: <4EEA592B.2060209@canonical.com> Date: Thu, 15 Dec 2011 14:31:39 -0600 From: Chris J Arges User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111124 Thunderbird/8.0 MIME-Version: 1.0 To: kernel-team@lists.ubuntu.com Subject: [Natty] SRU: nfsd4: permit read opens of executable-only files X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.13 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com SRU Justification Impact: NFSv4 mount point does not allow binary files to run when permissions are set to 111. Fix: Upstream commit a043226bc140a2c1dde162246d68a67e5043e6b2. Applies with minor conflicts. Testcase: Mount a directory using nfsv4. Inside that directory place a binary with ---x--x--x permissions. Try to execute the binary. Without this patch it will not execute. Notes: This patch fixes this issue, but requires support from the nfs client as well. The Natty version of the client will need additional fixes to complete the fix. The upstream maintainer has verified that the kernel is doing the right thing. http://comments.gmane.org/gmane.linux.nfs/43028 Thanks, --chris j arges From c081b4c32ab604965c4d82438780b967f7c5ad62 Mon Sep 17 00:00:00 2001 From: "J. Bruce Fields" Date: Thu, 25 Aug 2011 10:48:39 -0400 Subject: [PATCH] nfsd4: permit read opens of executable-only files A client that wants to execute a file must be able to read it. Read opens over nfs are therefore implicitly allowed for executable files even when those files are not readable. NFSv2/v3 get this right by using a passed-in NFSD_MAY_OWNER_OVERRIDE on read requests, but NFSv4 has gotten this wrong ever since dc730e173785e29b297aa605786c94adaffe2544 "nfsd4: fix owner-override on open", when we realized that the file owner shouldn't override permissions on non-reclaim NFSv4 opens. So we can't use NFSD_MAY_OWNER_OVERRIDE to tell nfsd_permission to allow reads of executable files. So, do the same thing we do whenever we encounter another weird NFS permission nit: define yet another NFSD_MAY_* flag. The industry's future standardization on 128-bit processors will be motivated primarily by the need for integers with enough bits for all the NFSD_MAY_* flags. Reported-by: Leonardo Borda Cc: stable@kernel.org Signed-off-by: J. Bruce Fields (cherry picked from commit a043226bc140a2c1dde162246d68a67e5043e6b2) BugLink: http://bugs.launchpad.net/bugs/833300 Conflicts: fs/nfsd/vfs.h Signed-off-by: Chris J Arges --- fs/nfsd/nfs4proc.c | 2 ++ fs/nfsd/vfs.c | 3 ++- fs/nfsd/vfs.h | 2 ++ 3 files changed, 6 insertions(+), 1 deletions(-) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 5fcb139..2df5614 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -156,6 +156,8 @@ do_open_permission(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfs !(open->op_share_access & NFS4_SHARE_ACCESS_WRITE)) return nfserr_inval; + accmode |= NFSD_MAY_READ_IF_EXEC; + if (open->op_share_access & NFS4_SHARE_ACCESS_READ) accmode |= NFSD_MAY_READ; if (open->op_share_access & NFS4_SHARE_ACCESS_WRITE) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 435f407..f0ee82a 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -2104,7 +2104,8 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, /* Allow read access to binaries even when mode 111 */ if (err == -EACCES && S_ISREG(inode->i_mode) && - acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE)) + (acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE) || + acc == (NFSD_MAY_READ | NFSD_MAY_READ_IF_EXEC))) err = inode_permission(inode, MAY_EXEC); return err? nfserrno(err) : 0; diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h index 9a370a5..dbe9ac1 100644 --- a/fs/nfsd/vfs.h +++ b/fs/nfsd/vfs.h @@ -21,6 +21,8 @@ #define NFSD_MAY_LOCAL_ACCESS 128 /* IRIX doing local access check on device special file*/ #define NFSD_MAY_BYPASS_GSS_ON_ROOT 256 #define NFSD_MAY_NOT_BREAK_LEASE 512 +#define NFSD_MAY_BYPASS_GSS 1024 +#define NFSD_MAY_READ_IF_EXEC 2048 #define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE) #define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC) -- 1.7.5.4