On Fri, Aug 14, 2020 at 09:11:02AM +0200, Greg Kroah-Hartman wrote:
On Thu, Aug 13, 2020 at 04:17:22PM -0700, Kees Cook wrote:
The return code for attempting to execute a directory has always been EACCES. Adjust the S_ISDIR exec test to reflect the old errno instead of the general EISDIR for other kinds of "open" attempts on directories.
Reported-by: Marc Zyngier maz@kernel.org Link: https://lore.kernel.org/lkml/20200813151305.6191993b@why Fixes: 633fb6ac3980 ("exec: move S_ISREG() check earlier") Signed-off-by: Kees Cook keescook@chromium.org
fs/namei.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/namei.c b/fs/namei.c index 2112e578dccc..e99e2a9da0f7 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2849,8 +2849,10 @@ static int may_open(const struct path *path, int acc_mode, int flag) case S_IFLNK: return -ELOOP; case S_IFDIR:
if (acc_mode & (MAY_WRITE | MAY_EXEC))
if (acc_mode & MAY_WRITE) return -EISDIR;if (acc_mode & MAY_EXEC)return -EACCES;Reviewed-by: Greg Kroah-Hartman gregkh@google.com
And to round out the "let's use a different email address for each response, to drive accounting tools crazy!" effort, you can also add:
Tested-by: Greg Kroah-Hartman gregkh@android.com
thanks,
greg "I don't have enough different email addresses" k-h