• Shirish Pargaonkar's avatar
    cifs: Do not set cifs/ntfs acl using a file handle (try #4) · e22906c5
    Shirish Pargaonkar authored
    Set security descriptor using path name instead of a file handle.
    We can't be sure that the file handle has adequate permission to
    set a security descriptor (to modify DACL).
    
    Function set_cifs_acl_by_fid() has been removed since we can't be
    sure how a file was opened for writing, a valid request can fail
    if the file was not opened with two above mentioned permissions.
    We could have opted to add on WRITE_DAC and WRITE_OWNER permissions
    to file opens and then use that file handle but adding addtional
    permissions such as WRITE_DAC and WRITE_OWNER could cause an
    any open to fail.
    
    And it was incorrect to look for read file handle to set a
    security descriptor anyway.
    Signed-off-by: default avatarShirish Pargaonkar <shirishpargaonkar@gmail.com>
    Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
    e22906c5
cifsacl.c 29.3 KB