fb6e6f321a
[Partially applied during f2fs inclusion, changes now aligned to upstream]
(cherry pick from commit 073931017b49d9458aa351605b43a7e34598caef)
When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2). Fix that.
NB: conflicts resolution included extending the change to all visible
users of the near deprecated function posix_acl_equiv_mode
replaced with posix_acl_update_mode. We did not resolve the ACL
leak in this CL, require additional upstream fixes.
References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Bug: 32458736
[haggertk]: Backport to 3.4/msm8974
* convert use of capable_wrt_inode_uidgid to capable
Change-Id: I19591ad452cc825ac282b3cfd2daaa72aa9a1ac1
Signed-off-by: Kevin F. Haggerty <haggertk@lineageos.org>
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| acl.c | ||
| acl.h | ||
| balloc.c | ||
| bitmap.c | ||
| dir.c | ||
| ext3.h | ||
| ext3_jbd.c | ||
| file.c | ||
| fsync.c | ||
| hash.c | ||
| ialloc.c | ||
| inode.c | ||
| ioctl.c | ||
| namei.c | ||
| namei.h | ||
| resize.c | ||
| super.c | ||
| symlink.c | ||
| xattr.c | ||
| xattr.h | ||
| xattr_security.c | ||
| xattr_trusted.c | ||
| xattr_user.c | ||