[trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when setting file permissions
juerg.haefliger at canonical.com
Wed Sep 6 15:41:50 UTC 2017
On 09/06/2017 03:40 PM, Thadeu Lima de Souza Cascardo wrote:
> On Wed, Sep 06, 2017 at 10:54:53AM +0200, Juerg Haefliger wrote:
>> From: Jan Kara <jack at suse.cz>
>> commit 073931017b49d9458aa351605b43a7e34598caef upstream.
>> When file permissions are modified via chmod(2) and the user is not in
>> the owning group or capable of CAP_FSETID, the setgid bit is cleared in
>> inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file
>> permissions as well as the new ACL, but doesn't clear the setgid bit in
>> a similar way; this allows to bypass the check in chmod(2). Fix that.
>> References: CVE-2016-7097
>> Reviewed-by: Christoph Hellwig <hch at lst.de>
>> Reviewed-by: Jeff Layton <jlayton at redhat.com>
>> Signed-off-by: Jan Kara <jack at suse.cz>
>> Signed-off-by: Andreas Gruenbacher <agruenba at redhat.com>
>> [bwh: Backported to 3.16:
>> - Drop changes to orangefs
>> - Adjust context
>> - Update ext3 as well]
>> Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
>> [juergh: Backported to 3.13:
>> - Drop changes to ceph
>> - Use capable() instead of capable_wrt_inode_uidgid()
> We have capable_wrt_inode_uidgid in trusty. Why didn't you use it?
Because I was looking at upstream 3.13 and not trusty 3.13. Duh.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 845 bytes
Desc: OpenPGP digital signature
More information about the kernel-team