diff options
| author |   J. Bruce Fields <bfields@citi.umich.edu> | 2009-11-25 17:42:05 -0500 |
|---|---|---|
| committer | J. Bruce Fields <bfields@citi.umich.edu> | 2009-11-25 17:55:46 -0500 |
| commit | 864f0f61f829bac5f150a903aad9619322a25424 (patch) | |
| tree | 77a864ab5538255dfba454d13f67de60807f2973 /include/linux/nfsd/nfsfh.h | |
| parent | Merge commit 'v2.6.32-rc8' into HEAD (diff) | |
| download | linux-dev-864f0f61f829bac5f150a903aad9619322a25424.tar.xz linux-dev-864f0f61f829bac5f150a903aad9619322a25424.zip | |
nfsd: simplify fh_verify access checks
All nfsd security depends on the security checks in fh_verify, and
especially on nfsd_setuser().
It therefore bothers me that the nfsd_setuser call may be made from
three different places, depending on whether the filehandle has already
been mapped to a dentry, and on whether subtreechecking is in force.
Instead, make an unconditional call in fh_verify(), so it's trivial to
verify that the call always occurs.
That leaves us with a redundant nfsd_setuser() call in the subtreecheck
case--it needs the correct user set earlier in order to check execute
permissions on the path to this filehandle--but I'm willing to accept
that minor inefficiency in the subtreecheck case in return for more
straightforward permission checking.
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Diffstat (limited to 'include/linux/nfsd/nfsfh.h')
0 files changed, 0 insertions, 0 deletions