From 6ada3a0659fbeeec701c1aad960d7c72d63949d7 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Fri, 23 Dec 2005 11:11:28 -0800
Subject: [PATCH] another patch

---
 queue/series                                  |  1 +
 ...-on-readonly-mounted-nfs-filesystems.patch | 46 +++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 queue/setting-acls-on-readonly-mounted-nfs-filesystems.patch

diff --git a/queue/series b/queue/series
index 3f6bd72e8de..767467e8373 100644
--- a/queue/series
+++ b/queue/series
@@ -16,3 +16,4 @@ input-fix-an-OOPS-in-HID-driver.patch
 kernel-params.c-fix-sysfs-access-with-config_modules-n.patch
 scsi-fix-transfer-direction-in-sd.patch
 scsi-fix-transfer-direction-in-scsi_lib-and-st.patch
+setting-acls-on-readonly-mounted-nfs-filesystems.patch
diff --git a/queue/setting-acls-on-readonly-mounted-nfs-filesystems.patch b/queue/setting-acls-on-readonly-mounted-nfs-filesystems.patch
new file mode 100644
index 00000000000..90454a651cb
--- /dev/null
+++ b/queue/setting-acls-on-readonly-mounted-nfs-filesystems.patch
@@ -0,0 +1,46 @@
+From security-bounces@linux.kernel.org Tue Dec 20 07:32:55 2005
+Date: Tue, 20 Dec 2005 16:29:05 +0100
+From: Marcus Meissner <meissner@suse.de>
+To: Trond.Myklebust@netapp.com
+Message-ID: <20051220152905.GA28537@suse.de>
+Cc: Chris L Mason <mason@suse.de>, Andreas Gruenbacher <agruen@suse.de>
+Subject: setting ACLs on readonly mounted NFS filesystems (CVE-2005-3623)
+
+From: Andreas Gruenbacher <agruen@suse.de>
+
+We must check for MAY_SATTR before setting acls, which includes
+checking for read-only exports: the lower-level setxattr operation
+that eventually sets the acl cannot check export-level restrictions.
+
+Bug reported by Martin Walter <mawa@uni-freiburg.de>.
+
+Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/nfsd/nfs2acl.c |    2 +-
+ fs/nfsd/nfs3acl.c |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- linux-2.6.14.4.orig/fs/nfsd/nfs2acl.c
++++ linux-2.6.14.4/fs/nfsd/nfs2acl.c
+@@ -107,7 +107,7 @@ static int nfsacld_proc_setacl(struct sv
+ 	dprintk("nfsd: SETACL(2acl)   %s\n", SVCFH_fmt(&argp->fh));
+ 
+ 	fh = fh_copy(&resp->fh, &argp->fh);
+-	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
++	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR);
+ 
+ 	if (!nfserr) {
+ 		nfserr = nfserrno( nfsd_set_posix_acl(
+--- linux-2.6.14.4.orig/fs/nfsd/nfs3acl.c
++++ linux-2.6.14.4/fs/nfsd/nfs3acl.c
+@@ -101,7 +101,7 @@ static int nfsd3_proc_setacl(struct svc_
+ 	int nfserr = 0;
+ 
+ 	fh = fh_copy(&resp->fh, &argp->fh);
+-	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
++	nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR);
+ 
+ 	if (!nfserr) {
+ 		nfserr = nfserrno( nfsd_set_posix_acl(
-- 
2.47.3