lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 22 May 2008 14:17:36 +0200
From:	Miklos Szeredi <miklos@...redi.hu>
To:	zippel@...ux-m68k.org
CC:	miklos@...redi.hu, linux-fsdevel@...r.kernel.org,
	hch@...radead.org, viro@...IV.linux.org.uk,
	linux-kernel@...r.kernel.org
Subject: Re: [patch 06/14] hfsplus: remove hfsplus_permission()

> That check didn't used to be there and that the HFS+ check is older than 
> that might have given you the idea that it at least used to work.
> So now the only way for a fs to differentiate between lookup and exec is 
> gone... :-(

That check was added quite some time ago:

   commit a343bb7750e6a098909c34f5c5dfddbc4fa40053
   Author: Trond Myklebust <Trond.Myklebust@...app.com>
   Date:   Tue Aug 22 20:06:03 2006 -0400
   
       VFS: Fix access("file", X_OK) in the presence of ACLs

Also it sounds just plain wrong to allow execution without an x bit.
It could cause nasty surprises at least.  What was the intended
purpose of that code, and why did nobody notice when it stopped
working?

Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ