> > +/** > > + * exec_permission - check for general execute permission on file > > + * @inode: inode to check access rights for > > + * @mask: right to check for > > + * > > + * Exec permission on a regular file is denied if none of the execute > > + * bits are set. > > + * > > + * This needs to be called by filesystems which define a > > + * ->permission() method, and don't call generic_permission(). > > + */ > > +int exec_permission(struct inode *inode, int mask) > > +{ > > + if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode) && > > + !(inode->i_mode & S_IXUGO)) > > + return -EACCES; > > + > > + return 0; > > +} > > Hmm... What if !(mask & MAY_EXEC)? AFAICS, the above will return 0. > A better approach would be to use something like > > if (!(mask & MAY_EXEC)) > return -EACCES; > if (S_ISREG(inode->i_mode) && !(inode->i_mode & S_IXUGO)) > return -EACCES; > return 0; No, we don't want to deny read or write (that's up to the filesystem how it handles it), just want to deny execute if no x bits are set in the mode. I didn't really pay attention to individual filesystems, including NFS, just mechanically moved the check from permission() to ->permission(). So it's possible that the code could be further optimized in some cases. Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html