On 26/11/17(Sun) 20:19, Helg wrote:
> Hi tech@
>
> It should not be possible to create a file or directory if write
> permission is denied on the parent directory of the file or directory to
> be created. However, FUSE does not perform an access check when the new
> vnode lookup is performed and always allows files and directories to be
> created unless the file system is mounted read-only.
>
> This patch adds the access check to fuse_lookup.
> (copied from ufs_lookup.c)
>
> ok?
Yes, if you remove the MNT_RDONLY check above. This check becomes
redundant with your diff. fusefs_access() also checks for it.
> Index: fuse_lookup.c
> ===================================================================
> RCS file: /cvs/src/sys/miscfs/fuse/fuse_lookup.c,v
> retrieving revision 1.16
> diff -u -p -u -p -r1.16 fuse_lookup.c
> --- fuse_lookup.c 7 Sep 2016 17:53:35 -0000 1.16
> +++ fuse_lookup.c 26 Nov 2017 11:18:49 -0000
> @@ -93,6 +93,14 @@ fusefs_lookup(void *v)
> if (vdp->v_mount->mnt_flag & MNT_RDONLY)
> return (EROFS);
>
> + /*
> + * Access for write is interpreted as allowing
> + * creation of files in the directory.
> + */
> + if ((error = VOP_ACCESS(vdp, VWRITE, cred,
> + cnp->cn_proc)) != 0)
> + return (error);
> +
> cnp->cn_flags |= SAVENAME;
>
> if (!lockparent) {
>
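Review bot: the `MNT_RDONLY` test kept in the context lines directly above the added block (`if (vdp->v_mount->mnt_flag & MNT_RDONLY) return (EROFS);`) now overlaps with the new `VOP_ACCESS(vdp, VWRITE, cred, cnp->cn_proc)` call, which according to the reply also rejects writes on a read-only mount. Keeping both leaves two places that decide the same thing, so drop the earlier test and let the access routine be the single check. After removing it, confirm that a create on a read-only mount still returns EROFS and not a different error. The added comment would also be clearer if it said that the directory being checked is the parent, `vdp`.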