linux/fs/9p
Jan Kara 073931017b posix_acl: Clear SGID bit when setting file permissions
When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2).  Fix that.

References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2016-09-22 10:55:32 +02:00
..
acl.c posix_acl: Clear SGID bit when setting file permissions 2016-09-22 10:55:32 +02:00
acl.h 9p: switch v9fs_set_create_acl() to inode+fid, do it before d_instantiate() 2013-02-26 02:46:07 -05:00
cache.c fs/9p: use fscache mutex rather than spinlock 2016-01-09 02:57:21 -05:00
cache.h fs: 9p: cache.h: Add #define of include guard 2015-11-11 02:19:50 -05:00
fid.c 9p: use clone_fid() 2016-08-03 11:12:12 -04:00
fid.h 9p: use clone_fid() 2016-08-03 11:12:12 -04:00
Kconfig fs/9p: xattr: add trusted and security namespaces 2013-07-07 22:02:18 -05:00
Makefile 9p: xattr simplifications 2015-11-13 20:34:33 -05:00
v9fs_vfs.h 9p: switch p9_client_read() to passing struct iov_iter * 2015-04-11 22:28:27 -04:00
v9fs.c kmemcg: account certain kmem allocations to memcg 2016-01-14 16:00:49 -08:00
v9fs.h fs/9p: use fscache mutex rather than spinlock 2016-01-09 02:57:21 -05:00
vfs_addr.c missed comment updates from ->direct_IO() prototype change 2016-05-29 19:05:03 -04:00
vfs_dentry.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
vfs_dir.c 9p: switch to ->iterate_shared() 2016-05-09 11:41:16 -04:00
vfs_file.c 9p: use file_dentry() 2016-06-30 23:28:09 -04:00
vfs_inode_dotl.c 9p: use clone_fid() 2016-08-03 11:12:12 -04:00
vfs_inode.c 9p: use clone_fid() 2016-08-03 11:12:12 -04:00
vfs_super.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
xattr.c 9p: use clone_fid() 2016-08-03 11:12:12 -04:00
xattr.h 9p: xattr simplifications 2015-11-13 20:34:33 -05:00