From: Etienne Dechamps <etienne.dechamps@ovh.net>
Date: Fri, 2 Sep 2011 07:37:53 +0000 (+0200)
Subject: Check permissions in zfs_space().
X-Git-Tag: zfs-0.6.0-rc7~19
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aec69371a6a2e94534809c5e9ba22e7b0e276937;p=zfs

Check permissions in zfs_space().

This isn't done on Solaris because on this OS zfs_space() can
only be called with an opened file handle. Since the addition of
zpl_truncate_range() this isn't the case anymore, so we need to
enforce access rights.

Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue #334
---

diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c
index c1391984a..74b96b8d7 100644
--- a/module/zfs/zfs_vnops.c
+++ b/module/zfs/zfs_vnops.c
@@ -4155,6 +4155,17 @@ zfs_space(struct inode *ip, int cmd, flock64_t *bfp, int flag,
 		return (EINVAL);
 	}
 
+	/*
+	 * Permissions aren't checked on Solaris because on this OS
+	 * zfs_space() can only be called with an opened file handle.
+	 * On Linux we can get here through truncate_range() which
+	 * operates directly on inodes, so we need to check access rights.
+	 */
+	if ((error = zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr))) {
+		ZFS_EXIT(zsb);
+		return (error);
+	}
+
 	off = bfp->l_start;
 	len = bfp->l_len; /* 0 means from off to end of file */