posix_acl: Clear SGID bit when setting file permissions (07393101) · Commits · linux-arm / Ch Linux Perf

Commit 07393101 authored Sep 19, 2016 by Jan Kara

posix_acl: Clear SGID bit when setting file permissions



When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2).  Fix that.

References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>

parent 5d3ddd84

Hide whitespace changes

Inline Side-by-side

Carsten Haitzler @Carsten.Haitzler
mentioned in commit 497de07d
· Sep 07, 2021

mentioned in commit 497de07d

mentioned in commit 497de07d89c1410d76a15bec2bb41f24a2a89f31

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit 8ba35875
· Sep 08, 2021

mentioned in commit 8ba35875

mentioned in commit 8ba358756aa08414fa9e65a1a41d28304ed6fd7f

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit 6883cd7f
· Sep 08, 2021

mentioned in commit 6883cd7f

mentioned in commit 6883cd7f68245e43e91e5ee583b7550abf14523f

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit a992f2d3
· Sep 08, 2021

mentioned in commit a992f2d3

mentioned in commit a992f2d38e4ce17b8c7d1f7f67b2de0eebdea069

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit 84969465
· Sep 08, 2021

mentioned in commit 84969465

mentioned in commit 84969465ddc4f8aeb3b993123b571aa01c5f2683

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit c925dc16
· Sep 08, 2021

mentioned in commit c925dc16

mentioned in commit c925dc162f770578ff4a65ec9b08270382dba9e6

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit 9bcf66c7
· Sep 08, 2021

mentioned in commit 9bcf66c7

mentioned in commit 9bcf66c72d726322441ec82962994e69157613e4

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit 19ec8e48
· Sep 08, 2021

mentioned in commit 19ec8e48

mentioned in commit 19ec8e48582670c021e998b9deb88e39a842ff45

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit a3bb2d55
· Sep 08, 2021

mentioned in commit a3bb2d55

mentioned in commit a3bb2d5587521eea6dab2d05326abb0afb460abd

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit b5accbb0
· Sep 08, 2021

mentioned in commit b5accbb0

mentioned in commit b5accbb0dfae36d8d36cd882096943c98d5ede15

Toggle commit list
Carsten Haitzler @Carsten.Haitzler
mentioned in commit e39e773a
· Sep 08, 2021

mentioned in commit e39e773a

mentioned in commit e39e773ad100ac94f8358d862f20101e802ae54c

Toggle commit list

Please register or to comment