commit 33593eb711ae47e81ef0aab298e231c7a35f19f4
Author: Greg Kroah-Hartman
Date:   Mon Jan 14 12:10:59 2008 -0800

    Linux 2.6.22.16

commit 53d06121542c36ec0f0e5504c8358a768e25cb9a
Author: Linus Torvalds
Date:   Sat Jan 12 14:06:34 2008 -0800

    Use access mode instead of open flags to determine needed permissions (CVE-2008-0001)

    patch 974a9f0b47da74e28f68b9c8645c3786aa5ace1a in mainline

    Way back when (in commit 834f2a4a1554dc5b2598038b3fe8703defcbe467, aka
    "VFS: Allow the filesystem to return a full file pointer on open intent"
    to be exact), Trond changed the open logic to keep track of the original
    flags to a file open, in order to pass down the intent of a dentry
    lookup to the low-level filesystem.

    However, when doing that reorganization, it changed the meaning of
    namei_flags, and thus inadvertently changed the test of access mode for
    directories (and RO filesystem) to use the wrong flag. So fix those
    tests back to use access mode ("acc_mode") rather than the open flag
    ("flag").

    Issue noticed by Bill Roman at Datalight.

    Reported-and-tested-by: Bill Roman
    Acked-by: Trond Myklebust
    Acked-by: Al Viro
    Cc: Christoph Hellwig
    Cc: Andrew Morton
    Signed-off-by: Linus Torvalds
    Signed-off-by: Greg Kroah-Hartman