1. 25 Nov, 2009 1 commit
    • J. Bruce Fields's avatar
      nfsd: simplify fh_verify access checks · 864f0f61
      J. Bruce Fields authored
      All nfsd security depends on the security checks in fh_verify, and
      especially on nfsd_setuser().
      
      It therefore bothers me that the nfsd_setuser call may be made from
      three different places, depending on whether the filehandle has already
      been mapped to a dentry, and on whether subtreechecking is in force.
      
      Instead, make an unconditional call in fh_verify(), so it's trivial to
      verify that the call always occurs.
      
      That leaves us with a redundant nfsd_setuser() call in the subtreecheck
      case--it needs the correct user set earlier in order to check execute
      permissions on the path to this filehandle--but I'm willing to accept
      that minor inefficiency in the subtreecheck case in return for more
      straightforward permission checking.
      Signed-off-by: default avatarJ. Bruce Fields <bfields@citi.umich.edu>
      864f0f61
  2. 23 Nov, 2009 2 commits
  3. 19 Nov, 2009 9 commits
  4. 18 Nov, 2009 28 commits