projects / deliverable / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[PATCH] take noexec checks to very few callers that care
[deliverable/linux.git] / fs / open.c
diff --git a/fs/open.c b/fs/open.c
index 3b3c43674be36356a42116d279647d72c2b99a10..d5e421ad0cf66eb082f90f302350980b92bb48d3 100644 (file)
--- a/fs/open.c
+++ b/fs/open.c
@@ -461,6 +461,16 @@ asmlinkage long sys_faccessat(int dfd, const char __user *filename, int mode)
        if (res)
                goto out;
 
+       if ((mode & MAY_EXEC) && S_ISREG(nd.path.dentry->d_inode->i_mode)) {
+               /*
+                * MAY_EXEC on regular files is denied if the fs is mounted
+                * with the "noexec" flag.
+                */
+               res = -EACCES;
+               if (nd.path.mnt->mnt_flags & MNT_NOEXEC)
+                       goto out_path_release;
+       }
+
        res = vfs_permission(&nd, mode | MAY_ACCESS);
        /* SuS v2 requires we report a read only fs too */
        if(res || !(mode & S_IWOTH) ||
Linux kernel - Deliverables
This page took 0.024922 seconds and 5 git commands to generate.