[PATCH] permission checks for chdir need special treatment only on th…

…e last step

... so we ought to pass MAY_CHDIR to vfs_permission() instead of having
it triggered on every step of preceding pathname resolution.  LOOKUP_CHDIR
is killed by that.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

fs/namei.c

@@ -268,8 +268,6 @@ int permission(struct inode *inode, int mask, struct nameidata *nd)
 		if (nd) {
 			if (nd->flags & LOOKUP_ACCESS)
 				extra |= MAY_ACCESS;
-			if (nd->flags & LOOKUP_CHDIR)
-				extra |= MAY_CHDIR;
 			if (nd->flags & LOOKUP_OPEN)
 				extra |= MAY_OPEN;
 		}

fs/open.c

@@ -501,12 +501,11 @@ asmlinkage long sys_chdir(const char __user * filename)
 	struct nameidata nd;
 	int error;
 
-	error = __user_walk(filename,
-			    LOOKUP_FOLLOW|LOOKUP_DIRECTORY|LOOKUP_CHDIR, &nd);
+	error = __user_walk(filename, LOOKUP_FOLLOW|LOOKUP_DIRECTORY, &nd);
 	if (error)
 		goto out;
 
-	error = vfs_permission(&nd, MAY_EXEC);
+	error = vfs_permission(&nd, MAY_EXEC | MAY_CHDIR);
 	if (error)
 		goto dput_and_out;
 

include/linux/namei.h

@@ -55,7 +55,6 @@ enum {LAST_NORM, LAST_ROOT, LAST_DOT, LAST_DOTDOT, LAST_BIND};
 #define LOOKUP_OPEN		(0x0100)
 #define LOOKUP_CREATE		(0x0200)
 #define LOOKUP_ACCESS		(0x0400)
-#define LOOKUP_CHDIR		(0x0800)
 
 extern int __user_walk(const char __user *, unsigned, struct nameidata *);
 extern int __user_walk_fd(int dfd, const char __user *, unsigned, struct nameidata *);