diff options
| author | Jaakko Heinonen <jh@FreeBSD.org> | 2010-08-30 16:30:18 +0000 |
|---|---|---|
| committer | Jaakko Heinonen <jh@FreeBSD.org> | 2010-08-30 16:30:18 +0000 |
| commit | de478dd4b427a1f2c667af80784c58e5d73892e3 (patch) | |
| tree | 74e3c2e0dd77b8186e54fea709c4eef6f29e2ae5 /sys/kern/vfs_subr.c | |
| parent | e7fb66340e060b9837c228fde0b7155592cb42b2 (diff) | |
| download | src-de478dd4b427a1f2c667af80784c58e5d73892e3.tar.gz src-de478dd4b427a1f2c667af80784c58e5d73892e3.zip | |
execve(2) has a special check for file permissions: a file must have at
least one execute bit set, otherwise execve(2) will return EACCES even
for an user with PRIV_VFS_EXEC privilege.
Add the check also to vaccess(9), vaccess_acl_nfs4(9) and
vaccess_acl_posix1e(9). This makes access(2) to better agree with
execve(2). Because ZFS doesn't use vaccess(9) for VEXEC, add the check
to zfs_freebsd_access() too. There may be other file systems which are
not using vaccess*() functions and need to be handled separately.
PR: kern/125009
Reviewed by: bde, trasz
Approved by: pjd (ZFS part)
Notes
Notes:
svn path=/head/; revision=212002
Diffstat (limited to 'sys/kern/vfs_subr.c')
| -rw-r--r-- | sys/kern/vfs_subr.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c index 9bb365fcaae6..783cbee19011 100644 --- a/sys/kern/vfs_subr.c +++ b/sys/kern/vfs_subr.c @@ -3619,7 +3619,13 @@ privcheck: !priv_check_cred(cred, PRIV_VFS_LOOKUP, 0)) priv_granted |= VEXEC; } else { + /* + * Ensure that at least one execute bit is on. Otherwise, + * a privileged user will always succeed, and we don't want + * this to happen unless the file really is executable. + */ if ((accmode & VEXEC) && ((dac_granted & VEXEC) == 0) && + (file_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0 && !priv_check_cred(cred, PRIV_VFS_EXEC, 0)) priv_granted |= VEXEC; } |