Re: [PATCH] missing checks in exec_permission_light()

From: Alexander Viro (viro@math.psu.edu)
Date: Fri May 03 2002 - 03:36:41 EST


On Fri, 3 May 2002, Pavel Machek wrote:

> Hi!
>
> > + if (S_ISDIR(inode->i_mode) && capable(CAP_DAC_READ_SEARCH))
> > + return 0;
>
> Is this right? This means that root can do cat /, no? That does not
> seem like expected behaviour.

1) it's permission(..., MAY_EXEC)
2) in any case, root _can_ open "/" with O_RDONLY. Always could. That's
what you do for ls /, after all - open(2) followed by getdents(2). Now,
read(2) will fail (check what ->read() for directories is set to), but
that has nothing to permission checks.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Tue May 07 2002 - 22:00:18 EST