fb6e6f321a
[Partially applied during f2fs inclusion, changes now aligned to upstream] (cherry pick from commit 073931017b49d9458aa351605b43a7e34598caef) When file permissions are modified via chmod(2) and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod(2). Fix that. NB: conflicts resolution included extending the change to all visible users of the near deprecated function posix_acl_equiv_mode replaced with posix_acl_update_mode. We did not resolve the ACL leak in this CL, require additional upstream fixes. References: CVE-2016-7097 Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Bug: 32458736 [haggertk]: Backport to 3.4/msm8974 * convert use of capable_wrt_inode_uidgid to capable Change-Id: I19591ad452cc825ac282b3cfd2daaa72aa9a1ac1 Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
acl.c | ||
acl.h | ||
cache.c | ||
cache.h | ||
fid.c | ||
fid.h | ||
v9fs.c | ||
v9fs.h | ||
v9fs_vfs.h | ||
vfs_addr.c | ||
vfs_dentry.c | ||
vfs_dir.c | ||
vfs_file.c | ||
vfs_inode.c | ||
vfs_inode_dotl.c | ||
vfs_super.c | ||
xattr.c | ||
xattr.h | ||
xattr_user.c |