4.4-stable patches

added patches:
	fix-up-non-directory-creation-in-sgid-directories.patch

diff --git a/queue-4.4/fix-up-non-directory-creation-in-sgid-directories.patch b/queue-4.4/fix-up-non-directory-creation-in-sgid-directories.patch
new file mode 100644 (file)
index 0000000..ae86ae3
--- /dev/null
+++ b/queue-4.4/fix-up-non-directory-creation-in-sgid-directories.patch
@@ -0,0 +1,47 @@
+From 0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Tue, 3 Jul 2018 17:10:19 -0700
+Subject: Fix up non-directory creation in SGID directories
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 upstream.
+
+sgid directories have special semantics, making newly created files in
+the directory belong to the group of the directory, and newly created
+subdirectories will also become sgid.  This is historically used for
+group-shared directories.
+
+But group directories writable by non-group members should not imply
+that such non-group members can magically join the group, so make sure
+to clear the sgid bit on non-directories for non-members (but remember
+that sgid without group execute means "mandatory locking", just to
+confuse things even more).
+
+Reported-by: Jann Horn <jannh@google.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/inode.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/fs/inode.c
++++ b/fs/inode.c
+@@ -1937,8 +1937,14 @@ void inode_init_owner(struct inode *inod
+       inode->i_uid = current_fsuid();
+       if (dir && dir->i_mode & S_ISGID) {
+               inode->i_gid = dir->i_gid;
++
++              /* Directories are special, and always inherit S_ISGID */
+               if (S_ISDIR(mode))
+                       mode |= S_ISGID;
++              else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
++                       !in_group_p(inode->i_gid) &&
++                       !capable_wrt_inode_uidgid(dir, CAP_FSETID))
++                      mode &= ~S_ISGID;
+       } else
+               inode->i_gid = current_fsgid();
+       inode->i_mode = mode;

diff --git a/queue-4.4/series b/queue-4.4/series
index 030c97c0601db2b71e8f8b983fce0bbc9556b06d..73859a6120edcbe72f17eb145be72978c1be0bac 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -10,3 +10,4 @@ usb-serial-mos7840-fix-status-register-error-handling.patch
 usb-quirks-add-delay-quirks-for-corsair-strafe.patch
 xhci-xhci-mem-off-by-one-in-xhci_stream_id_to_ring.patch
 hid-usbhid-add-quirk-for-innomedia-innex-genesis-atari-adapter.patch
+fix-up-non-directory-creation-in-sgid-directories.patch