access + exec = incoherence?

Santiago Garcia Mantinan (manty@udc.es)
Mon, 5 Jan 1998 00:14:38 +0100 (CET)


Well, after not getting any clarifying reply from this list I have done
some research by myself.

The thing is that if you wanna know if you can exec a file (e.g. a chmod
0000 file) and you check it with access asking for X_OK, when you are root
you always get a 0 (OK), but if you try to exec it afterwards you'll get
an error. This happens for example to kerneld.

The problem? is in the code of file namei.c which describes function
permission used by access, as you can see it returns 0 (has access) to
requests from the root.

int permission(struct inode * inode,int mask)
{
	int mode = inode->i_mode;

	if (inode->i_op && inode->i_op->permission)
		return inode->i_op->permission(inode, mask);
	else if ((mask & S_IWOTH) && IS_RDONLY(inode) &&
		 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
		return -EROFS; /* Nobody gets write access to a read-only fs */
	else if ((mask & S_IWOTH) && IS_IMMUTABLE(inode))
		return -EACCES; /* Nobody gets write access to an immutable file */
	else if (current->fsuid == inode->i_uid)
		mode >>= 6;
	else if (in_group_p(inode->i_gid))
		mode >>= 3;
	if (((mode & mask & 0007) == mask) || fsuser())
		return 0;

But on the other hand in file exec.c as you can see, it checks for the file
having at least an executable bit before checking with permission, so if a
file is 0000 even root cannot exec it.

int prepare_binprm(struct linux_binprm *bprm)
{
	int mode;
	int retval,id_change;

	mode = bprm->inode->i_mode;
	if (!S_ISREG(mode)) /* must be regular file */
		return -EACCES;
	if (!(mode & 0111)) /* with at least _one_ execute bit set */
		return -EACCES;
	if (IS_NOEXEC(bprm->inode)) /* FS mustn't be mounted noexec */
		return -EACCES;
	if (!bprm->inode->i_sb)
		return -EACCES;
	if ((retval = permission(bprm->inode, MAY_EXEC)) != 0)
		return retval;

Well, I don't know if this was intended or is a bug, you tell me, but this
leads to confusions (bugs) like the one in kerneld.

SANTIAGO GARCIA MANTINAN (Manty/BestiaTester) mailto:manty@udc.es

FACULTAD DE INFORMATICA DE LA UNIVERSIDAD DE LA CORUNA

Also: manty@geocities.com - http://www.geocities.com/SiliconValley/Lakes/1486
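
Added example, not part of the original message or of the kernel source: one way a caller can pre-check a file with the same tests the quoted prepare_binprm() applies, instead of trusting access(X_OK) alone. The names exec_precheck and make_sample_file and the /tmp sample path are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 0 if `path` passes the pre-checks that the
 * quoted prepare_binprm() makes before permission(), else a negative errno. */
int exec_precheck(const char *path)
{
	struct stat st;

	if (stat(path, &st) != 0)
		return -errno;
	if (!S_ISREG(st.st_mode))	/* must be a regular file */
		return -EACCES;
	if (!(st.st_mode & 0111))	/* at least one execute bit, root included */
		return -EACCES;
	if (access(path, X_OK) != 0)	/* then the ordinary permission check */
		return -errno;
	return 0;
}

/* Constructed sample input: create an empty file from a mkstemp() template
 * and set its mode. Returns 0 on success, -1 on failure. */
int make_sample_file(char *tmpl, mode_t mode)
{
	int fd = mkstemp(tmpl), rc;

	if (fd < 0)
		return -1;
	rc = fchmod(fd, mode);
	close(fd);
	return rc;
}

int main(void)
{
	char path[] = "/tmp/xok_demo_XXXXXX";	/* assumed writable location */
	int rc = make_sample_file(path, 0000) ? 1 : exec_precheck(path);

	unlink(path);
	return rc == -EACCES ? 0 : 1;	/* a mode 0000 file is rejected for any uid */
}
```

Any check made before exec can go stale if the file changes in between, so the error returned by exec itself still has to be handled.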