From: Dana H. <Da...@No...> - 2006-07-13 23:06:10
>Miklos Szeredi <miklos@...> writes:
>
>
> > Yeah, this is a small inconsistency. The solution is not hard, but
> > involves modifying VFS, it can't be fixed solely in the FUSE module.
>
> Here's a patch (should apply to any recent kernel). It makes chdir()
> invoke the ACCESS request, in which you should be able to check
> permission. Can you please confirm if this solves your problem?
>
> Thanks,
> Miklos
>
> Index: linux/fs/fuse/dir.c
> ===================================================================
> --- linux.orig/fs/fuse/dir.c 2006-07-13 14:24:12.000000000 +0200
> +++ linux/fs/fuse/dir.c 2006-07-13 14:25:47.000000000 +0200
> <at> <at> -776,7 +776,7 <at> <at> static int fuse_permission(struct
inode
> if ((mask & MAY_EXEC) && !S_ISDIR(mode) && !(mode & S_IXUGO))
> return -EACCES;
>
> - if (nd && (nd->flags & LOOKUP_ACCESS))
> + if (nd && (nd->flags & (LOOKUP_ACCESS | LOOKUP_CHDIR)))
> return fuse_access(inode, mask);
> return 0;
> }
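Review bot: In fuse_permission(), the widened test `(LOOKUP_ACCESS | LOOKUP_CHDIR)` still sits behind `nd &&`, so any caller that arrives with a NULL nameidata falls through to `return 0` and the filesystem is never asked. A short comment above the test should say which syscalls are meant to trigger the ACCESS request, and it is worth confirming that every chdir-style path really supplies nd with the flag set.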
> Index: linux/fs/open.c
> ===================================================================
> --- linux.orig/fs/open.c 2006-07-13 14:20:22.000000000 +0200
> +++ linux/fs/open.c 2006-07-13 14:22:52.000000000 +0200
> <at> <at> -546,7 +546,8 <at> <at> asmlinkage long sys_chdir(const char
__u
> struct nameidata nd;
> int error;
>
> - error = __user_walk(filename, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &nd);
> + error = __user_walk(filename,
> + LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_CHDIR, &nd);
> if (error)
> goto out;
>
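Review bot: Only sys_chdir() gets LOOKUP_CHDIR in its __user_walk() flags here; the patch shows no matching change for other ways of changing the working directory, such as fchdir(). If those are deliberately left unchecked, the changelog should say so; otherwise they need an equivalent hook so the filesystem sees the same ACCESS request.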
> Index: linux/include/linux/namei.h
> ===================================================================
> --- linux.orig/include/linux/namei.h 2006-07-13 14:20:48.000000000 +0200
> +++ linux/include/linux/namei.h 2006-07-13 14:21:20.000000000 +0200
> <at> <at> -54,6 +54,7 <at> <at> enum {LAST_NORM, LAST_ROOT, LAST_DOT,
LA
> #define LOOKUP_OPEN (0x0100)
> #define LOOKUP_CREATE (0x0200)
> #define LOOKUP_ACCESS (0x0400)
> +#define LOOKUP_CHDIR (0x0800)
>
> extern int FASTCALL(__user_walk(const char __user *, unsigned, struct
nameidata *));
> extern int FASTCALL(__user_walk_fd(int dfd, const char __user *, unsigned,
struct nameidata *));
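Review bot: `LOOKUP_CHDIR (0x0800)` is added to the generic namei.h flags without a comment, and within this patch its only consumer is fuse_permission(). Add a one-line comment beside the define stating that it marks a lookup done on behalf of chdir(), and mention in the changelog that a VFS-wide flag is being introduced for a single filesystem.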
>
> -------------------------------------------------------------------------
Thank you for your help. I added the patch and tested it. Using the '-d'
debug option I verified that the access() routine was getting called properly
during cd operations. This changed the behavior of my problem but didn't
eliminate it.

After a lot of testing, it appeared that the file system calls I was making
(in the context of my fuse file system) were caching information relative to
my process regardless of my effective UID and effective GID. For example, I
would call lstat() with the euid of root and the call would succeed as it
should; then I would call lstat() with the euid of a low priority user and it
would fail as it should; and next I would make the same lstat() call with the
euid of root again and it would also fail with an EACCES error - in this case
the call should have succeeded. That being the case, my model of using
seteuid() and setegid() in the context of fuse file system routines wouldn't
work well.

At that point I took out the seteuid() and setegid() calls and switched to
relying on the "-o default_permissions" flag and now it works as desired.

Thanks for your help!

Dana Henriksen
Novell