[trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when setting file permissions

Juerg Haefliger juerg.haefliger at canonical.com
Wed Sep 6 15:41:50 UTC 2017

On 09/06/2017 03:40 PM, Thadeu Lima de Souza Cascardo wrote:
> On Wed, Sep 06, 2017 at 10:54:53AM +0200, Juerg Haefliger wrote:
>> From: Jan Kara <jack at suse.cz>
>> commit 073931017b49d9458aa351605b43a7e34598caef upstream.
>> When file permissions are modified via chmod(2) and the user is not in
>> the owning group or capable of CAP_FSETID, the setgid bit is cleared in
>> inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
>> permissions as well as the new ACL, but doesn't clear the setgid bit in
>> a similar way; this allows to bypass the check in chmod(2).  Fix that.
>> References: CVE-2016-7097
>> Reviewed-by: Christoph Hellwig <hch at lst.de>
>> Reviewed-by: Jeff Layton <jlayton at redhat.com>
>> Signed-off-by: Jan Kara <jack at suse.cz>
>> Signed-off-by: Andreas Gruenbacher <agruenba at redhat.com>
>> [bwh: Backported to 3.16:
>>  - Drop changes to orangefs
>>  - Adjust context
>>  - Update ext3 as well]
>> Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
>> CVE-2016-7097
>> [juergh: Backported to 3.13:
>>  - Drop changes to ceph
>>  - Use capable() instead of capable_wrt_inode_uidgid()
> We have capable_wrt_inode_uidgid in trusty. Why didn't you use it?

Because I was looking at upstream 3.13 and not trusty 3.13. Duh.


> Cascardo.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 845 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20170906/0f3ec12f/attachment.sig>

More information about the kernel-team mailing list