patch-2.4.22 linux-2.4.22/fs/nfsd/nfsfh.c

• Lines: 50
• Date: 2003-08-25 04:44:43.000000000 -0700
• Orig file: linux-2.4.21/fs/nfsd/nfsfh.c
• Orig date: 2003-06-13 07:51:37.000000000 -0700

diff -urN linux-2.4.21/fs/nfsd/nfsfh.c linux-2.4.22/fs/nfsd/nfsfh.c
@@ -697,33 +697,23 @@
 	error = 0;
 
 	if (!(exp->ex_flags & NFSEXP_NOSUBTREECHECK)) {
-		if (exp->ex_dentry != dentry) {
-			struct dentry *tdentry = dentry;
+		struct dentry *tdentry = dentry;
 
-			do {
-				tdentry = tdentry->d_parent;
-				if (exp->ex_dentry == tdentry)
-					break;
-				/* executable only by root and we can't be root */
-				if (current->fsuid
-				    && (exp->ex_flags & NFSEXP_ROOTSQUASH)
-				    && !(tdentry->d_inode->i_uid
-					 && (tdentry->d_inode->i_mode & S_IXUSR))
-				    && !(tdentry->d_inode->i_gid
-					 && (tdentry->d_inode->i_mode & S_IXGRP))
-				    && !(tdentry->d_inode->i_mode & S_IXOTH)
-					) {
-					error = nfserr_stale;
-					dprintk("fh_verify: no root_squashed access.\n");
-				}
-			} while ((tdentry != tdentry->d_parent));
-			if (exp->ex_dentry != tdentry) {
-				error = nfserr_stale;
-				printk("nfsd Security: %s/%s bad export.\n",
-				       dentry->d_parent->d_name.name,
-				       dentry->d_name.name);
-				goto out;
-			}
+		while (tdentry != exp->ex_dentry && !IS_ROOT(tdentry)) {
+			struct dentry *parent = tdentry->d_parent;
+
+			/* make sure parents give x permission to user */
+			error = permission(parent->d_inode, MAY_EXEC);
+			if (error)
+				break;
+			tdentry = parent;
+		}
+		if (exp->ex_dentry != tdentry) {
+			error = nfserr_stale;
+			printk("fh_verify: no root_squashed access at %s/%s.\n",
+			       dentry->d_parent->d_name.name,
+			       dentry->d_name.name);
+			goto out;
 		}
 	}