nfsd4: recheck for secure ports in fh_verify - linux-dev - Linux kernel development work

diff options

author	J. Bruce Fields <bfields@citi.umich.edu>	2007-11-12 16:05:03 -0500
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-11-12 14:28:08 -0800
commit	6fa02839bf9412e18e773d04e96182b4cd0b5d57 (patch)
tree	063ee35d4da2bd1289ae9e9a64b5f02c825ef5f2 /kernel
parent	knfsd: fix spurious EINVAL errors on first access of new filesystem (diff)
download	linux-dev-6fa02839bf9412e18e773d04e96182b4cd0b5d57.tar.xz linux-dev-6fa02839bf9412e18e773d04e96182b4cd0b5d57.zip

nfsd4: recheck for secure ports in fh_verify

As with commit 7fc90ec93a5eb71f4b08403baf5ba7176b3ec6b1 ("knfsd: nfsd: call nfsd_setuser() on fh_compose(), fix nfsd4 permissions problem") this is a case where we need to redo a security check in fh_verify() even though the filehandle already has an associated dentry--if the filehandle was created by fh_compose() in an earlier operation of the nfsv4 compound, then we may not have done these checks yet. Without this fix it is possible, for example, to traverse from an export without the secure ports requirement to one with it in a single compound, and bypass the secure port check on the new export. While we're here, fix up some minor style problems and change a printk() to a dprintk(), to make it harder for random unprivileged users to spam the logs. Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Reviewed-By: NeilBrown <neilb@suse.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'kernel')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: