Commit | Line | Data |
---|---|---|
f68557eb GKH |
1 | From 497de07d89c1410d76a15bec2bb41f24a2a89f31 Mon Sep 17 00:00:00 2001 |
2 | From: Gu Zheng <guzheng1@huawei.com> | |
3 | Date: Mon, 9 Jan 2017 09:34:48 +0800 | |
4 | Subject: tmpfs: clear S_ISGID when setting posix ACLs | |
5 | ||
6 | From: Gu Zheng <guzheng1@huawei.com> | |
7 | ||
8 | commit 497de07d89c1410d76a15bec2bb41f24a2a89f31 upstream. | |
9 | ||
10 | The tmpfs modification was missed in the CVE-2016-7097 fix, | |
11 | commit 073931017b49 ("posix_acl: Clear SGID bit when setting | |
12 | file permissions"). | |
13 | It can be tested with xfstest generic/375, which failed to clear the | |
14 | setgid bit in the following test case on tmpfs: | |
15 | ||
16 | touch $testfile | |
17 | chown 100:100 $testfile | |
18 | chmod 2755 $testfile | |
19 | _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile | |
20 | ||
21 | Signed-off-by: Gu Zheng <guzheng1@huawei.com> | |
22 | Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> | |
23 | Cc: Brad Spengler <spender@grsecurity.net> | |
24 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
25 | ||
26 | --- | |
27 | fs/posix_acl.c | 9 ++++----- | |
28 | 1 file changed, 4 insertions(+), 5 deletions(-) | |
29 | ||
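--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -903,11 +903,10 @@ int simple_set_acl(struct inode *inode,
 int error;
 
 if (type == ACL_TYPE_ACCESS) {
- error = posix_acl_equiv_mode(acl, &inode->i_mode);
- if (error < 0)
- return 0;
- if (error == 0)
- acl = NULL;
+ error = posix_acl_update_mode(inode,
+ &inode->i_mode, &acl);
+ if (error)
+ return error;
 }
 
 inode->i_ctime = CURRENT_TIME;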
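Review bot: The new call `posix_acl_update_mode(inode, &inode->i_mode, &acl)` has two side effects that are not visible at the call site: it writes the resulting mode straight into `inode->i_mode`, and it may replace the local `acl` with NULL. Judging by the removed lines and the commit message, the helper is expected to drop S_ISGID for a caller outside the owning group and to null `acl` when the ACL reduces to plain mode bits, but its definition is outside this hunk and should be confirmed there. A short comment above the call would make this explicit, e.g. `/* may clear S_ISGID in i_mode and set acl to NULL if it maps to mode bits */`. The error path also changes: a negative result used to be swallowed with `return 0` and is now returned to the caller, which the commit message does not mention. The body of simple_set_acl starts and ends outside the hunk.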