diff options
| author | Jan Kara <jack@suse.cz> | 2016-09-19 17:39:09 +0200 |
|---|---|---|
| committer | Mark Salyzyn <salyzyn@google.com> | 2017-02-07 15:21:07 +0000 |
| commit | 49b60d4aa95aa0519238a06fde5c838146742796 (patch) | |
| tree | 7070dc7f3c0a35e5f082ae84dcd1c1de5e5bada7 /include/linux | |
| parent | 0213f79a418915f2db36572ae86b748438ed635b (diff) | |
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
(cherry pick from commit 073931017b49d9458aa351605b43a7e34598caef)
When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2). Fix that.
NB: We did not resolve the ACL leak in this CL, require additional
upstream fix.
References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Bug: 32458736
Change-Id: I19591ad452cc825ac282b3cfd2daaa72aa9a1ac1
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/posix_acl.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h index 3e96a6a76103..d1a8ad7e5ae4 100644 --- a/include/linux/posix_acl.h +++ b/include/linux/posix_acl.h @@ -95,6 +95,7 @@ extern int set_posix_acl(struct inode *, int, struct posix_acl *); extern int posix_acl_chmod(struct inode *, umode_t); extern int posix_acl_create(struct inode *, umode_t *, struct posix_acl **, struct posix_acl **); +extern int posix_acl_update_mode(struct inode *, umode_t *, struct posix_acl **); extern int simple_set_acl(struct inode *, struct posix_acl *, int); extern int simple_acl_create(struct inode *, struct inode *); |