From e9ebde5831bf344b4310f739e13bbcd56ed1818b Mon Sep 17 00:00:00 2001 From: Kotresh HR Date: Fri, 16 Apr 2021 09:44:05 +0530 Subject: [PATCH] client: Fix executeable access check for the root user Executeable permission check always returned sucessful even when executeable bit is not set on any of the user, group or others. This patch fixes it by overiding executeable permission check for root only if one of the executeable bit is set Signed-off-by: Kotresh HR Fixes: https://tracker.ceph.com/issues/50060 (cherry picked from commit b20ec2978cd3e16be9f45f1b7860bdae3c738147) Conflicts: src/client/Client.cc: The commit 6aa78836548f (cephfs errno aliases) is not present in nautilus and some other trivial conflict, may be because some patches are missing in nautilus. --- src/client/Client.cc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/client/Client.cc b/src/client/Client.cc index 94a07935de7..99a96d75e20 100755 --- a/src/client/Client.cc +++ b/src/client/Client.cc @@ -125,6 +125,10 @@ #define DEBUG_GETATTR_CAPS (CEPH_CAP_XATTR_SHARED) +#ifndef S_IXUGO +#define S_IXUGO (S_IXUSR|S_IXGRP|S_IXOTH) +#endif + void client_flush_set_callback(void *p, ObjectCacher::ObjectSet *oset) { Client *client = static_cast(p); @@ -5371,8 +5375,12 @@ void Client::handle_cap_grant(MetaSession *session, Inode *in, Cap *cap, const M int Client::inode_permission(Inode *in, const UserPerm& perms, unsigned want) { - if (perms.uid() == 0) + if (perms.uid() == 0) { + // Executable are overridable when there is at least one exec bit set + if((want & MAY_EXEC) && !(in->mode & S_IXUGO)) + return -EACCES; return 0; + } if (perms.uid() != in->uid && (in->mode & S_IRWXG)) { int ret = _posix_acl_permission(in, perms, want); -- 2.47.3