Subversion Repositories livecd


Rev Author Line No. Line
36 beyerle@PS 1
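diff -ur unionfs-1.1.5.ori/inode.c unionfs-1.1.5/inode.c
--- unionfs-1.1.5.ori/inode.c	2006-06-12 04:03:36.000000000 +0200
+++ unionfs-1.1.5/inode.c	2006-08-30 08:48:02.000000000 +0200
@@ -867,8 +867,43 @@
 		retval = generic_permission(inode, submask, NULL);
 #endif
 	}
-	
-	if (retval && retval != -EROFS) /* ignore EROFS */
+
+	/* XXX jg
+	 * Ignore EROFS but still perform the DAC check.
+	 * This block of code added to work around RHEL 4 U3 problem
+	 * Where all permission checks would return EROFS on readonly 
+	 * file system, and then be converted to 0 below.  The 
+	 * result was anyone could write to any file before copyup!
+	 * Code mostly lifted from fs/namei.c::vfs_permission().
+	 */
+	if (retval == -EROFS) {	
+		umode_t mode = inode->i_mode;
+
+		BUG_ON(bindex == 0); /* handled above */
+		if (current->fsuid == inode->i_uid)
+			mode >>= 6;
+		else if (in_group_p(inode->i_gid))
+			mode >>= 3;
+		if (((mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask)) {
+			retval = 0;
+			goto out;
+		}
+		if (!(mask & MAY_EXEC) ||
+		    (inode->i_mode & S_IXUGO) || S_ISDIR(inode->i_mode))
+			if (capable(CAP_DAC_OVERRIDE)) {
+				retval = 0;
+				goto out;
+			}
+		if (mask == MAY_READ || 
+		    (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE)))
+			if (capable(CAP_DAC_READ_SEARCH)) {
+				retval = 0;
+				goto out;
+			}
+		retval = -EACCES;
+	}
+out:
+       	if (retval && retval != -EROFS) /* ignore EROFS */
 		return retval;
 
 	retval = security_inode_permission(inode, mask, nd);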
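Review bot: The fallback DAC check tests `mask`, while the permission call just above it is given `submask`, so any bit that `submask` strips (its assignment is outside the hunk; the name suggests flags such as MAY_APPEND) makes `(mode & mask & (MAY_READ|MAY_WRITE|MAY_EXEC)) == mask` false and pushes an otherwise permitted request into the capability checks and `-EACCES`. Using `submask` in that comparison and in `mask == MAY_READ` would keep the block consistent with the call whose result it replaces. The block also decides on mode bits alone, so POSIX ACLs or an immutable flag on the lower inode are not considered here unless they are handled earlier in the function, which the hunk does not show; a comment saying which of these are covered elsewhere would help. `BUG_ON(bindex == 0)` turns an unexpected `-EROFS` from branch 0 into a kernel oops inside a permission check, where failing closed is safer, e.g. `if (bindex == 0) return retval;`. After the new block `retval` can no longer be `-EROFS` at `out:`, so the test there could be reduced to `if (retval)`; the enclosing function starts and ends outside the hunk.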