mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
073931017b
When file permissions are modified via chmod(2) and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod(2). Fix that. References: CVE-2016-7097 Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> |
||
|---|---|---|
| .. | ||
| acl.c | ||
| acl.h | ||
| balloc.c | ||
| dir.c | ||
| ext2.h | ||
| file.c | ||
| ialloc.c | ||
| inode.c | ||
| ioctl.c | ||
| Kconfig | ||
| Makefile | ||
| namei.c | ||
| super.c | ||
| symlink.c | ||
| xattr.c | ||
| xattr.h | ||
| xattr_security.c | ||
| xattr_trusted.c | ||
| xattr_user.c | ||