[{"id":1764089,"web_url":"http://patchwork.ozlabs.org/comment/1764089/","msgid":"<44b33212-de25-9006-dd66-5bdabcdb1868@canonical.com>","list_archive_url":null,"date":"2017-09-06T12:59:18","subject":"ACK/cmnt: [trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when\n\tsetting file permissions","submitter":{"id":71419,"url":"http://patchwork.ozlabs.org/api/people/71419/","name":"Kleber Sacilotto de Souza","email":"kleber.souza@canonical.com"},"content":"On 09/06/17 10:54, Juerg Haefliger wrote:\n> From: Jan Kara \n> \n> commit 073931017b49d9458aa351605b43a7e34598caef upstream.\n> \n> When file permissions are modified via chmod(2) and the user is not in\n> the owning group or capable of CAP_FSETID, the setgid bit is cleared in\n> inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file\n> permissions as well as the new ACL, but doesn't clear the setgid bit in\n> a similar way; this allows to bypass the check in chmod(2). Fix that.\n> \n> References: CVE-2016-7097\n> Reviewed-by: Christoph Hellwig \n> Reviewed-by: Jeff Layton \n> Signed-off-by: Jan Kara \n> Signed-off-by: Andreas Gruenbacher \n> [bwh: Backported to 3.16:\n> - Drop changes to orangefs\n> - Adjust context\n> - Update ext3 as well]\n> Signed-off-by: Ben Hutchings \n> \n> CVE-2016-7097\n> \n\nShould we add here the sha1 of the 3.16 backport commit since the\noriginal SOB comes from it?\n\nProbably:\n(backported from f2ba3e2310b3967720b83126db8684c69ce41894 3.16.y)\n\nI think we can add that while applying the patch.\n\nOtherwise it looks a sane backport and a nice combination of the patches\nfrom 3.2 and 3.16 :-).\n\n\nKleber\n\n> [juergh: Backported to 3.13:\n> - Drop changes to ceph\n> - Use capable() instead of capable_wrt_inode_uidgid()\n> - Update generic_acl.c as well\n> - In gfs2, jfs, and xfs, take care to avoid leaking the allocated ACL if\n> posix_acl_update_mode() determines it's not needed]\n> Signed-off-by: Juerg Haefliger \n> ---\n> fs/9p/acl.c | 40 +++++++++++++++++-----------------------\n> fs/btrfs/acl.c | 6 ++----\n> fs/ext2/acl.c | 12 ++++--------\n> fs/ext3/acl.c | 12 ++++--------\n> fs/ext4/acl.c | 12 ++++--------\n> fs/f2fs/acl.c | 6 ++----\n> fs/generic_acl.c | 15 ++++++++-------\n> fs/gfs2/acl.c | 16 +++++++---------\n> fs/hfsplus/posix_acl.c | 4 ++--\n> fs/jffs2/acl.c | 9 ++++-----\n> fs/jfs/xattr.c | 6 ++++--\n> fs/ocfs2/acl.c | 9 +++------\n> fs/posix_acl.c | 30 ++++++++++++++++++++++++++++++\n> fs/reiserfs/xattr_acl.c | 8 ++------\n> fs/xfs/xfs_acl.c | 17 +++++++----------\n> include/linux/posix_acl.h | 1 +\n> 16 files changed, 101 insertions(+), 102 deletions(-)\n> \n> diff --git a/fs/9p/acl.c b/fs/9p/acl.c\n> index 7af425f53bee..9686c1f17653 100644\n> --- a/fs/9p/acl.c\n> +++ b/fs/9p/acl.c\n> @@ -320,32 +320,26 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,\n> \tcase ACL_TYPE_ACCESS:\n> \t\tname = POSIX_ACL_XATTR_ACCESS;\n> \t\tif (acl) {\n> -\t\t\tumode_t mode = inode->i_mode;\n> -\t\t\tretval = posix_acl_equiv_mode(acl, &mode);\n> -\t\t\tif (retval < 0)\n> +\t\t\tstruct iattr iattr;\n> +\n> +\t\t\tretval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);\n> +\t\t\tif (retval)\n> \t\t\t\tgoto err_out;\n> -\t\t\telse {\n> -\t\t\t\tstruct iattr iattr;\n> -\t\t\t\tif (retval == 0) {\n> -\t\t\t\t\t/*\n> -\t\t\t\t\t * ACL can be represented\n> -\t\t\t\t\t * by the mode bits. So don't\n> -\t\t\t\t\t * update ACL.\n> -\t\t\t\t\t */\n> -\t\t\t\t\tacl = NULL;\n> -\t\t\t\t\tvalue = NULL;\n> -\t\t\t\t\tsize = 0;\n> -\t\t\t\t}\n> -\t\t\t\t/* Updte the mode bits */\n> -\t\t\t\tiattr.ia_mode = ((mode & S_IALLUGO) |\n> -\t\t\t\t\t\t (inode->i_mode & ~S_IALLUGO));\n> -\t\t\t\tiattr.ia_valid = ATTR_MODE;\n> -\t\t\t\t/* FIXME should we update ctime ?\n> -\t\t\t\t * What is the following setxattr update the\n> -\t\t\t\t * mode ?\n> +\t\t\tif (!acl) {\n> +\t\t\t\t/*\n> +\t\t\t\t * ACL can be represented\n> +\t\t\t\t * by the mode bits. So don't\n> +\t\t\t\t * update ACL.\n> \t\t\t\t */\n> -\t\t\t\tv9fs_vfs_setattr_dotl(dentry, &iattr);\n> +\t\t\t\tvalue = NULL;\n> +\t\t\t\tsize = 0;\n> \t\t\t}\n> +\t\t\tiattr.ia_valid = ATTR_MODE;\n> +\t\t\t/* FIXME should we update ctime ?\n> +\t\t\t * What is the following setxattr update the\n> +\t\t\t * mode ?\n> +\t\t\t */\n> +\t\t\tv9fs_vfs_setattr_dotl(dentry, &iattr);\n> \t\t}\n> \t\tbreak;\n> \tcase ACL_TYPE_DEFAULT:\n> diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c\n> index 0890c83643e9..d6d53e5e7945 100644\n> --- a/fs/btrfs/acl.c\n> +++ b/fs/btrfs/acl.c\n> @@ -118,11 +118,9 @@ static int btrfs_set_acl(struct btrfs_trans_handle *trans,\n> \tcase ACL_TYPE_ACCESS:\n> \t\tname = POSIX_ACL_XATTR_ACCESS;\n> \t\tif (acl) {\n> -\t\t\tret = posix_acl_equiv_mode(acl, &inode->i_mode);\n> -\t\t\tif (ret < 0)\n> +\t\t\tret = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n> +\t\t\tif (ret)\n> \t\t\t\treturn ret;\n> -\t\t\tif (ret == 0)\n> -\t\t\t\tacl = NULL;\n> \t\t}\n> \t\tret = 0;\n> \t\tbreak;\n> diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c\n> index 110b6b371a4e..48c3c2d7d261 100644\n> --- a/fs/ext2/acl.c\n> +++ b/fs/ext2/acl.c\n> @@ -206,15 +206,11 @@ ext2_set_acl(struct inode *inode, int type, struct posix_acl *acl)\n> \t\tcase ACL_TYPE_ACCESS:\n> \t\t\tname_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;\n> \t\t\tif (acl) {\n> -\t\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n> -\t\t\t\tif (error < 0)\n> +\t\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n> +\t\t\t\tif (error)\n> \t\t\t\t\treturn error;\n> -\t\t\t\telse {\n> -\t\t\t\t\tinode->i_ctime = CURRENT_TIME_SEC;\n> -\t\t\t\t\tmark_inode_dirty(inode);\n> -\t\t\t\t\tif (error == 0)\n> -\t\t\t\t\t\tacl = NULL;\n> -\t\t\t\t}\n> +\t\t\t\tinode->i_ctime = CURRENT_TIME_SEC;\n> +\t\t\t\tmark_inode_dirty(inode);\n> \t\t\t}\n> \t\t\tbreak;\n> \n> diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c\n> index dbb5ad59a7fc..bb2f60a62d82 100644\n> --- a/fs/ext3/acl.c\n> +++ b/fs/ext3/acl.c\n> @@ -205,15 +205,11 @@ ext3_set_acl(handle_t *handle, struct inode *inode, int type,\n> \t\tcase ACL_TYPE_ACCESS:\n> \t\t\tname_index = EXT3_XATTR_INDEX_POSIX_ACL_ACCESS;\n> \t\t\tif (acl) {\n> -\t\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n> -\t\t\t\tif (error < 0)\n> +\t\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n> +\t\t\t\tif (error)\n> \t\t\t\t\treturn error;\n> -\t\t\t\telse {\n> -\t\t\t\t\tinode->i_ctime = CURRENT_TIME_SEC;\n> -\t\t\t\t\text3_mark_inode_dirty(handle, inode);\n> -\t\t\t\t\tif (error == 0)\n> -\t\t\t\t\t\tacl = NULL;\n> -\t\t\t\t}\n> +\t\t\t\tinode->i_ctime = CURRENT_TIME_SEC;\n> +\t\t\t\text3_mark_inode_dirty(handle, inode);\n> \t\t\t}\n> \t\t\tbreak;\n> \n> diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c\n> index 39a54a0e9fe4..c844f1bfb451 100644\n> --- a/fs/ext4/acl.c\n> +++ b/fs/ext4/acl.c\n> @@ -211,15 +211,11 @@ ext4_set_acl(handle_t *handle, struct inode *inode, int type,\n> \tcase ACL_TYPE_ACCESS:\n> \t\tname_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS;\n> \t\tif (acl) {\n> -\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n> -\t\t\tif (error < 0)\n> +\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n> +\t\t\tif (error)\n> \t\t\t\treturn error;\n> -\t\t\telse {\n> -\t\t\t\tinode->i_ctime = ext4_current_time(inode);\n> -\t\t\t\text4_mark_inode_dirty(handle, inode);\n> -\t\t\t\tif (error == 0)\n> -\t\t\t\t\tacl = NULL;\n> -\t\t\t}\n> +\t\t\tinode->i_ctime = ext4_current_time(inode);\n> +\t\t\text4_mark_inode_dirty(handle, inode);\n> \t\t}\n> \t\tbreak;\n> \n> diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c\n> index d0fc287efeff..0eb2d66827ad 100644\n> --- a/fs/f2fs/acl.c\n> +++ b/fs/f2fs/acl.c\n> @@ -224,12 +224,10 @@ static int f2fs_set_acl(struct inode *inode, int type,\n> \tcase ACL_TYPE_ACCESS:\n> \t\tname_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS;\n> \t\tif (acl) {\n> -\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n> -\t\t\tif (error < 0)\n> +\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n> +\t\t\tif (error)\n> \t\t\t\treturn error;\n> \t\t\tset_acl_inode(fi, inode->i_mode);\n> -\t\t\tif (error == 0)\n> -\t\t\t\tacl = NULL;\n> \t\t}\n> \t\tbreak;\n> \n> diff --git a/fs/generic_acl.c b/fs/generic_acl.c\n> index b3f3676796d3..67319f168b42 100644\n> --- a/fs/generic_acl.c\n> +++ b/fs/generic_acl.c\n> @@ -86,16 +86,17 @@ generic_acl_set(struct dentry *dentry, const char *name, const void *value,\n> \t\tif (error)\n> \t\t\tgoto failed;\n> \t\tswitch (type) {\n> -\t\tcase ACL_TYPE_ACCESS:\n> -\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n> -\t\t\tif (error < 0)\n> +\t\tcase ACL_TYPE_ACCESS: {\n> +\t\t\tstruct posix_acl *saved_acl = acl;\n> +\n> +\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n> +\t\t\tif (acl == NULL)\n> +\t\t\t\tposix_acl_release(saved_acl);\n> +\t\t\tif (error)\n> \t\t\t\tgoto failed;\n> \t\t\tinode->i_ctime = CURRENT_TIME;\n> -\t\t\tif (error == 0) {\n> -\t\t\t\tposix_acl_release(acl);\n> -\t\t\t\tacl = NULL;\n> -\t\t\t}\n> \t\t\tbreak;\n> +\t\t}\n> \t\tcase ACL_TYPE_DEFAULT:\n> \t\t\tif (!S_ISDIR(inode->i_mode)) {\n> \t\t\t\terror = -EINVAL;\n> diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c\n> index f69ac0af5496..015809a066b5 100644\n> --- a/fs/gfs2/acl.c\n> +++ b/fs/gfs2/acl.c\n> @@ -267,16 +267,14 @@ static int gfs2_xattr_system_set(struct dentry *dentry, const char *name,\n> \t\tgoto out_release;\n> \n> \tif (type == ACL_TYPE_ACCESS) {\n> -\t\tumode_t mode = inode->i_mode;\n> -\t\terror = posix_acl_equiv_mode(acl, &mode);\n> +\t\tstruct posix_acl *saved_acl = acl;\n> +\t\tumode_t mode;\n> \n> -\t\tif (error <= 0) {\n> -\t\t\tposix_acl_release(acl);\n> -\t\t\tacl = NULL;\n> -\n> -\t\t\tif (error < 0)\n> -\t\t\t\treturn error;\n> -\t\t}\n> +\t\terror = posix_acl_update_mode(inode, &mode, &acl);\n> +\t\tif (error || acl == NULL)\n> +\t\t\tposix_acl_release(saved_acl);\n> +\t\tif (error)\n> +\t\t\treturn error;\n> \n> \t\terror = gfs2_set_mode(inode, mode);\n> \t\tif (error)\n> diff --git a/fs/hfsplus/posix_acl.c b/fs/hfsplus/posix_acl.c\n> index b609cc14c72e..9f7cc491ffb1 100644\n> --- a/fs/hfsplus/posix_acl.c\n> +++ b/fs/hfsplus/posix_acl.c\n> @@ -72,8 +72,8 @@ static int hfsplus_set_posix_acl(struct inode *inode,\n> \tcase ACL_TYPE_ACCESS:\n> \t\txattr_name = POSIX_ACL_XATTR_ACCESS;\n> \t\tif (acl) {\n> -\t\t\terr = posix_acl_equiv_mode(acl, &inode->i_mode);\n> -\t\t\tif (err < 0)\n> +\t\t\terr = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n> +\t\t\tif (err)\n> \t\t\t\treturn err;\n> \t\t}\n> \t\terr = 0;\n> diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c\n> index 223283c30111..9335b8d3cf52 100644\n> --- a/fs/jffs2/acl.c\n> +++ b/fs/jffs2/acl.c\n> @@ -243,9 +243,10 @@ static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl)\n> \tcase ACL_TYPE_ACCESS:\n> \t\txprefix = JFFS2_XPREFIX_ACL_ACCESS;\n> \t\tif (acl) {\n> -\t\t\tumode_t mode = inode->i_mode;\n> -\t\t\trc = posix_acl_equiv_mode(acl, &mode);\n> -\t\t\tif (rc < 0)\n> +\t\t\tumode_t mode;\n> +\n> +\t\t\trc = posix_acl_update_mode(inode, &mode, &acl);\n> +\t\t\tif (rc)\n> \t\t\t\treturn rc;\n> \t\t\tif (inode->i_mode != mode) {\n> \t\t\t\tstruct iattr attr;\n> @@ -257,8 +258,6 @@ static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl)\n> \t\t\t\tif (rc < 0)\n> \t\t\t\t\treturn rc;\n> \t\t\t}\n> -\t\t\tif (rc == 0)\n> -\t\t\t\tacl = NULL;\n> \t\t}\n> \t\tbreak;\n> \tcase ACL_TYPE_DEFAULT:\n> diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c\n> index d3472f4cd530..6910662a8bf5 100644\n> --- a/fs/jfs/xattr.c\n> +++ b/fs/jfs/xattr.c\n> @@ -693,9 +693,11 @@ static int can_set_system_xattr(struct inode *inode, const char *name,\n> \t\t\treturn rc;\n> \t\t}\n> \t\tif (acl) {\n> -\t\t\trc = posix_acl_equiv_mode(acl, &inode->i_mode);\n> +\t\t\tstruct posix_acl *dummy = acl;\n> +\n> +\t\t\trc = posix_acl_update_mode(inode, &inode->i_mode, &dummy);\n> \t\t\tposix_acl_release(acl);\n> -\t\t\tif (rc < 0) {\n> +\t\t\tif (rc) {\n> \t\t\t\tprintk(KERN_ERR\n> \t\t\t\t \"posix_acl_equiv_mode returned %d\\n\",\n> \t\t\t\t rc);\n> diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c\n> index b4f788e0ca31..b16bb5c70bc8 100644\n> --- a/fs/ocfs2/acl.c\n> +++ b/fs/ocfs2/acl.c\n> @@ -270,14 +270,11 @@ static int ocfs2_set_acl(handle_t *handle,\n> \tcase ACL_TYPE_ACCESS:\n> \t\tname_index = OCFS2_XATTR_INDEX_POSIX_ACL_ACCESS;\n> \t\tif (acl) {\n> -\t\t\tumode_t mode = inode->i_mode;\n> -\t\t\tret = posix_acl_equiv_mode(acl, &mode);\n> -\t\t\tif (ret < 0)\n> +\t\t\tumode_t mode;\n> +\t\t\tret = posix_acl_update_mode(inode, &mode, &acl);\n> +\t\t\tif (ret)\n> \t\t\t\treturn ret;\n> \t\t\telse {\n> -\t\t\t\tif (ret == 0)\n> -\t\t\t\t\tacl = NULL;\n> -\n> \t\t\t\tret = ocfs2_acl_set_mode(inode, di_bh,\n> \t\t\t\t\t\t\t handle, mode);\n> \t\t\t\tif (ret)\n> diff --git a/fs/posix_acl.c b/fs/posix_acl.c\n> index 3542f1f814e2..8161e5c9dc31 100644\n> --- a/fs/posix_acl.c\n> +++ b/fs/posix_acl.c\n> @@ -407,6 +407,36 @@ posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)\n> }\n> EXPORT_SYMBOL(posix_acl_create);\n> \n> +/**\n> + * posix_acl_update_mode - update mode in set_acl\n> + *\n> + * Update the file mode when setting an ACL: compute the new file permission\n> + * bits based on the ACL. In addition, if the ACL is equivalent to the new\n> + * file mode, set *acl to NULL to indicate that no ACL should be set.\n> + *\n> + * As with chmod, clear the setgit bit if the caller is not in the owning group\n> + * or capable of CAP_FSETID (see inode_change_ok).\n> + *\n> + * Called from set_acl inode operations.\n> + */\n> +int posix_acl_update_mode(struct inode *inode, umode_t *mode_p,\n> +\t\t\t struct posix_acl **acl)\n> +{\n> +\tumode_t mode = inode->i_mode;\n> +\tint error;\n> +\n> +\terror = posix_acl_equiv_mode(*acl, &mode);\n> +\tif (error < 0)\n> +\t\treturn error;\n> +\tif (error == 0)\n> +\t\t*acl = NULL;\n> +\tif (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))\n> +\t\tmode &= ~S_ISGID;\n> +\t*mode_p = mode;\n> +\treturn 0;\n> +}\n> +EXPORT_SYMBOL(posix_acl_update_mode);\n> +\n> int\n> posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode)\n> {\n> diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c\n> index 06c04f73da65..a86ad7ec7957 100644\n> --- a/fs/reiserfs/xattr_acl.c\n> +++ b/fs/reiserfs/xattr_acl.c\n> @@ -288,13 +288,9 @@ reiserfs_set_acl(struct reiserfs_transaction_handle *th, struct inode *inode,\n> \tcase ACL_TYPE_ACCESS:\n> \t\tname = POSIX_ACL_XATTR_ACCESS;\n> \t\tif (acl) {\n> -\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n> -\t\t\tif (error < 0)\n> +\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n> +\t\t\tif (error)\n> \t\t\t\treturn error;\n> -\t\t\telse {\n> -\t\t\t\tif (error == 0)\n> -\t\t\t\t\tacl = NULL;\n> -\t\t\t}\n> \t\t}\n> \t\tbreak;\n> \tcase ACL_TYPE_DEFAULT:\n> diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c\n> index 370eb3e121d1..89ac0522b38d 100644\n> --- a/fs/xfs/xfs_acl.c\n> +++ b/fs/xfs/xfs_acl.c\n> @@ -402,17 +402,14 @@ xfs_xattr_acl_set(struct dentry *dentry, const char *name,\n> \t\tgoto out_release;\n> \n> \tif (type == ACL_TYPE_ACCESS) {\n> -\t\tumode_t mode = inode->i_mode;\n> -\t\terror = posix_acl_equiv_mode(acl, &mode);\n> -\n> -\t\tif (error <= 0) {\n> -\t\t\tposix_acl_release(acl);\n> -\t\t\tacl = NULL;\n> -\n> -\t\t\tif (error < 0)\n> -\t\t\t\treturn error;\n> -\t\t}\n> +\t\tstruct posix_acl *saved_acl = acl;\n> +\t\tumode_t mode;\n> \n> +\t\terror = posix_acl_update_mode(inode, &mode, &acl);\n> +\t\tif (error || acl == NULL)\n> +\t\t\tposix_acl_release(saved_acl);\n> +\t\tif (error)\n> +\t\t\treturn error;\n> \t\terror = xfs_set_mode(inode, mode);\n> \t\tif (error)\n> \t\t\tgoto out_release;\n> diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h\n> index 7931efe71175..2ae0bba45f12 100644\n> --- a/include/linux/posix_acl.h\n> +++ b/include/linux/posix_acl.h\n> @@ -90,6 +90,7 @@ extern struct posix_acl *posix_acl_from_mode(umode_t, gfp_t);\n> extern int posix_acl_equiv_mode(const struct posix_acl *, umode_t *);\n> extern int posix_acl_create(struct posix_acl **, gfp_t, umode_t *);\n> extern int posix_acl_chmod(struct posix_acl **, gfp_t, umode_t);\n> +extern int posix_acl_update_mode(struct inode *, umode_t *, struct posix_acl **);\n> \n> extern struct posix_acl *get_posix_acl(struct inode *, int);\n> extern int set_posix_acl(struct inode *, int, struct posix_acl *);\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=)","Received":["from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3xnNvy2LJ4z9sBd;\n\tWed, 6 Sep 2017 22:59:42 +1000 (AEST)","from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1dpZve-0007hu-IX; Wed, 06 Sep 2017 12:59:38 +0000","from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)\n\t(Exim 4.86_2) (envelope-from )\n\tid 1dpZvc-0007ho-Ar\n\tfor kernel-team@lists.ubuntu.com; Wed, 06 Sep 2017 12:59:36 +0000","from mail-wr0-f200.google.com ([209.85.128.200])\n\tby youngberry.canonical.com with esmtps\n\t(TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.76) (envelope-from )\n\tid 1dpZvc-0000jY-3D\n\tfor kernel-team@lists.ubuntu.com; Wed, 06 Sep 2017 12:59:36 +0000","by mail-wr0-f200.google.com with SMTP id g50so1155878wra.4\n\tfor ;\n\tWed, 06 Sep 2017 05:59:36 -0700 (PDT)","from [10.120.75.76] (pd95c76fe.dip0.t-ipconnect.de.\n\t[217.92.118.254]) by smtp.gmail.com with ESMTPSA id\n\ta69sm922161wma.44.2017.09.06.05.59.27\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tWed, 06 Sep 2017 05:59:33 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:subject:to:references:from:message-id:date\n\t:user-agent:mime-version:in-reply-to:content-language\n\t:content-transfer-encoding;\n\tbh=vPM2GC7YRdrEywaSN4n7ZCUYKv212FhawcLRc00qjq0=;\n\tb=qqlojGEDcV919gM0chVrmBC3hJ/JD7kiBRuahcWL1xHFTp9ojbenLVj08VqOmFP7xw\n\tqDbLj9G2tfqrqVmSWrIy4GSYffvEkVeHcGRgyGDjjv+oRsVX+VqY1/vYIwc7AVf4nxZ8\n\tB6auwcX8VeMSCnXpYDEV5oi2TWshpsgBk/UUfXn6TsWobcwg/tVI6tLm56TgTJAXwqjS\n\tr/Xfz0KIWwxAdIe6W609r5d39hs+RbP44XmHcgLkDW2c+J5qFDlUJECiFMrvydkdRHC0\n\tbUVGU1rTzy1R65krjM3JMm3xo/0SLXP56rQ9yajeEmjnc18FOGz1aVvisfMGRjMV3GkK\n\tgJMg==","X-Gm-Message-State":"AHPjjUi9j8qjn6DURJrJQ6vbgLSFxiQUDGAT+hWn/kmxk9c11vdwUQyJ\n\t2Y1dUa5TetWSUoZRjrH0GF3irn4r7mBFkL3pX2fJIccrm1UNgKeT8iNNkTpi7bir2ck5L0UKrX+\n\tEenEI9twG4Gx5P1pfoj/729zfORzW6kso","X-Received":["by 10.28.34.198 with SMTP id i189mr11236wmi.165.1504702775255;\n\tWed, 06 Sep 2017 05:59:35 -0700 (PDT)","by 10.28.34.198 with SMTP id i189mr11219wmi.165.1504702774643;\n\tWed, 06 Sep 2017 05:59:34 -0700 (PDT)"],"X-Google-Smtp-Source":"ADKCNb5RT6okv62afJcku2wrMibs+TFI3s/eBaEaXGf4AHeS31jNkiXHG/P1rYHYLyMvkcCTNefuEw==","Subject":"ACK/cmnt: [trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when\n\tsetting file permissions","To":"Juerg Haefliger ,\n\tkernel-team@lists.ubuntu.com","References":"<20170906085453.22382-1-juerg.haefliger@canonical.com>\n\t<20170906085453.22382-2-juerg.haefliger@canonical.com>","From":"Kleber Souza ","Message-ID":"<44b33212-de25-9006-dd66-5bdabcdb1868@canonical.com>","Date":"Wed, 6 Sep 2017 14:59:18 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<20170906085453.22382-2-juerg.haefliger@canonical.com>","Content-Language":"en-US","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":1764093,"web_url":"http://patchwork.ozlabs.org/comment/1764093/","msgid":"<1e8a9145-643f-50c8-bfdb-aff71d4940c5@canonical.com>","list_archive_url":null,"date":"2017-09-06T13:00:31","subject":"Re: ACK/cmnt: [trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit\n\twhen setting file permissions","submitter":{"id":71419,"url":"http://patchwork.ozlabs.org/api/people/71419/","name":"Kleber Sacilotto de Souza","email":"kleber.souza@canonical.com"},"content":"On 09/06/17 14:59, Kleber Souza wrote:\n> On 09/06/17 10:54, Juerg Haefliger wrote:\n>> From: Jan Kara \n>>\n>> commit 073931017b49d9458aa351605b43a7e34598caef upstream.\n>>\n>> When file permissions are modified via chmod(2) and the user is not in\n>> the owning group or capable of CAP_FSETID, the setgid bit is cleared in\n>> inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file\n>> permissions as well as the new ACL, but doesn't clear the setgid bit in\n>> a similar way; this allows to bypass the check in chmod(2). Fix that.\n>>\n>> References: CVE-2016-7097\n>> Reviewed-by: Christoph Hellwig \n>> Reviewed-by: Jeff Layton \n>> Signed-off-by: Jan Kara \n>> Signed-off-by: Andreas Gruenbacher \n>> [bwh: Backported to 3.16:\n>> - Drop changes to orangefs\n>> - Adjust context\n>> - Update ext3 as well]\n>> Signed-off-by: Ben Hutchings \n>>\n>> CVE-2016-7097\n>>\n> \n> Should we add here the sha1 of the 3.16 backport commit since the\n> original SOB comes from it?\n> \n> Probably:\n> (backported from f2ba3e2310b3967720b83126db8684c69ce41894 3.16.y)\n> \n> I think we can add that while applying the patch.\n> \n> Otherwise it looks a sane backport and a nice combination of the patches\n> from 3.2 and 3.16 :-).\n\nNow with the actual ACK:\n\nAcked-by: Kleber Sacilotto de Souza \n\n> \n> \n> Kleber\n> \n>> [juergh: Backported to 3.13:\n>> - Drop changes to ceph\n>> - Use capable() instead of capable_wrt_inode_uidgid()\n>> - Update generic_acl.c as well\n>> - In gfs2, jfs, and xfs, take care to avoid leaking the allocated ACL if\n>> posix_acl_update_mode() determines it's not needed]\n>> Signed-off-by: Juerg Haefliger \n>> ---\n>> fs/9p/acl.c | 40 +++++++++++++++++-----------------------\n>> fs/btrfs/acl.c | 6 ++----\n>> fs/ext2/acl.c | 12 ++++--------\n>> fs/ext3/acl.c | 12 ++++--------\n>> fs/ext4/acl.c | 12 ++++--------\n>> fs/f2fs/acl.c | 6 ++----\n>> fs/generic_acl.c | 15 ++++++++-------\n>> fs/gfs2/acl.c | 16 +++++++---------\n>> fs/hfsplus/posix_acl.c | 4 ++--\n>> fs/jffs2/acl.c | 9 ++++-----\n>> fs/jfs/xattr.c | 6 ++++--\n>> fs/ocfs2/acl.c | 9 +++------\n>> fs/posix_acl.c | 30 ++++++++++++++++++++++++++++++\n>> fs/reiserfs/xattr_acl.c | 8 ++------\n>> fs/xfs/xfs_acl.c | 17 +++++++----------\n>> include/linux/posix_acl.h | 1 +\n>> 16 files changed, 101 insertions(+), 102 deletions(-)\n>>\n>> diff --git a/fs/9p/acl.c b/fs/9p/acl.c\n>> index 7af425f53bee..9686c1f17653 100644\n>> --- a/fs/9p/acl.c\n>> +++ b/fs/9p/acl.c\n>> @@ -320,32 +320,26 @@ static int v9fs_xattr_set_acl(struct dentry *dentry, const char *name,\n>> \tcase ACL_TYPE_ACCESS:\n>> \t\tname = POSIX_ACL_XATTR_ACCESS;\n>> \t\tif (acl) {\n>> -\t\t\tumode_t mode = inode->i_mode;\n>> -\t\t\tretval = posix_acl_equiv_mode(acl, &mode);\n>> -\t\t\tif (retval < 0)\n>> +\t\t\tstruct iattr iattr;\n>> +\n>> +\t\t\tretval = posix_acl_update_mode(inode, &iattr.ia_mode, &acl);\n>> +\t\t\tif (retval)\n>> \t\t\t\tgoto err_out;\n>> -\t\t\telse {\n>> -\t\t\t\tstruct iattr iattr;\n>> -\t\t\t\tif (retval == 0) {\n>> -\t\t\t\t\t/*\n>> -\t\t\t\t\t * ACL can be represented\n>> -\t\t\t\t\t * by the mode bits. So don't\n>> -\t\t\t\t\t * update ACL.\n>> -\t\t\t\t\t */\n>> -\t\t\t\t\tacl = NULL;\n>> -\t\t\t\t\tvalue = NULL;\n>> -\t\t\t\t\tsize = 0;\n>> -\t\t\t\t}\n>> -\t\t\t\t/* Updte the mode bits */\n>> -\t\t\t\tiattr.ia_mode = ((mode & S_IALLUGO) |\n>> -\t\t\t\t\t\t (inode->i_mode & ~S_IALLUGO));\n>> -\t\t\t\tiattr.ia_valid = ATTR_MODE;\n>> -\t\t\t\t/* FIXME should we update ctime ?\n>> -\t\t\t\t * What is the following setxattr update the\n>> -\t\t\t\t * mode ?\n>> +\t\t\tif (!acl) {\n>> +\t\t\t\t/*\n>> +\t\t\t\t * ACL can be represented\n>> +\t\t\t\t * by the mode bits. So don't\n>> +\t\t\t\t * update ACL.\n>> \t\t\t\t */\n>> -\t\t\t\tv9fs_vfs_setattr_dotl(dentry, &iattr);\n>> +\t\t\t\tvalue = NULL;\n>> +\t\t\t\tsize = 0;\n>> \t\t\t}\n>> +\t\t\tiattr.ia_valid = ATTR_MODE;\n>> +\t\t\t/* FIXME should we update ctime ?\n>> +\t\t\t * What is the following setxattr update the\n>> +\t\t\t * mode ?\n>> +\t\t\t */\n>> +\t\t\tv9fs_vfs_setattr_dotl(dentry, &iattr);\n>> \t\t}\n>> \t\tbreak;\n>> \tcase ACL_TYPE_DEFAULT:\n>> diff --git a/fs/btrfs/acl.c b/fs/btrfs/acl.c\n>> index 0890c83643e9..d6d53e5e7945 100644\n>> --- a/fs/btrfs/acl.c\n>> +++ b/fs/btrfs/acl.c\n>> @@ -118,11 +118,9 @@ static int btrfs_set_acl(struct btrfs_trans_handle *trans,\n>> \tcase ACL_TYPE_ACCESS:\n>> \t\tname = POSIX_ACL_XATTR_ACCESS;\n>> \t\tif (acl) {\n>> -\t\t\tret = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> -\t\t\tif (ret < 0)\n>> +\t\t\tret = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n>> +\t\t\tif (ret)\n>> \t\t\t\treturn ret;\n>> -\t\t\tif (ret == 0)\n>> -\t\t\t\tacl = NULL;\n>> \t\t}\n>> \t\tret = 0;\n>> \t\tbreak;\n>> diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c\n>> index 110b6b371a4e..48c3c2d7d261 100644\n>> --- a/fs/ext2/acl.c\n>> +++ b/fs/ext2/acl.c\n>> @@ -206,15 +206,11 @@ ext2_set_acl(struct inode *inode, int type, struct posix_acl *acl)\n>> \t\tcase ACL_TYPE_ACCESS:\n>> \t\t\tname_index = EXT2_XATTR_INDEX_POSIX_ACL_ACCESS;\n>> \t\t\tif (acl) {\n>> -\t\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> -\t\t\t\tif (error < 0)\n>> +\t\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n>> +\t\t\t\tif (error)\n>> \t\t\t\t\treturn error;\n>> -\t\t\t\telse {\n>> -\t\t\t\t\tinode->i_ctime = CURRENT_TIME_SEC;\n>> -\t\t\t\t\tmark_inode_dirty(inode);\n>> -\t\t\t\t\tif (error == 0)\n>> -\t\t\t\t\t\tacl = NULL;\n>> -\t\t\t\t}\n>> +\t\t\t\tinode->i_ctime = CURRENT_TIME_SEC;\n>> +\t\t\t\tmark_inode_dirty(inode);\n>> \t\t\t}\n>> \t\t\tbreak;\n>> \n>> diff --git a/fs/ext3/acl.c b/fs/ext3/acl.c\n>> index dbb5ad59a7fc..bb2f60a62d82 100644\n>> --- a/fs/ext3/acl.c\n>> +++ b/fs/ext3/acl.c\n>> @@ -205,15 +205,11 @@ ext3_set_acl(handle_t *handle, struct inode *inode, int type,\n>> \t\tcase ACL_TYPE_ACCESS:\n>> \t\t\tname_index = EXT3_XATTR_INDEX_POSIX_ACL_ACCESS;\n>> \t\t\tif (acl) {\n>> -\t\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> -\t\t\t\tif (error < 0)\n>> +\t\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n>> +\t\t\t\tif (error)\n>> \t\t\t\t\treturn error;\n>> -\t\t\t\telse {\n>> -\t\t\t\t\tinode->i_ctime = CURRENT_TIME_SEC;\n>> -\t\t\t\t\text3_mark_inode_dirty(handle, inode);\n>> -\t\t\t\t\tif (error == 0)\n>> -\t\t\t\t\t\tacl = NULL;\n>> -\t\t\t\t}\n>> +\t\t\t\tinode->i_ctime = CURRENT_TIME_SEC;\n>> +\t\t\t\text3_mark_inode_dirty(handle, inode);\n>> \t\t\t}\n>> \t\t\tbreak;\n>> \n>> diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c\n>> index 39a54a0e9fe4..c844f1bfb451 100644\n>> --- a/fs/ext4/acl.c\n>> +++ b/fs/ext4/acl.c\n>> @@ -211,15 +211,11 @@ ext4_set_acl(handle_t *handle, struct inode *inode, int type,\n>> \tcase ACL_TYPE_ACCESS:\n>> \t\tname_index = EXT4_XATTR_INDEX_POSIX_ACL_ACCESS;\n>> \t\tif (acl) {\n>> -\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> -\t\t\tif (error < 0)\n>> +\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n>> +\t\t\tif (error)\n>> \t\t\t\treturn error;\n>> -\t\t\telse {\n>> -\t\t\t\tinode->i_ctime = ext4_current_time(inode);\n>> -\t\t\t\text4_mark_inode_dirty(handle, inode);\n>> -\t\t\t\tif (error == 0)\n>> -\t\t\t\t\tacl = NULL;\n>> -\t\t\t}\n>> +\t\t\tinode->i_ctime = ext4_current_time(inode);\n>> +\t\t\text4_mark_inode_dirty(handle, inode);\n>> \t\t}\n>> \t\tbreak;\n>> \n>> diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c\n>> index d0fc287efeff..0eb2d66827ad 100644\n>> --- a/fs/f2fs/acl.c\n>> +++ b/fs/f2fs/acl.c\n>> @@ -224,12 +224,10 @@ static int f2fs_set_acl(struct inode *inode, int type,\n>> \tcase ACL_TYPE_ACCESS:\n>> \t\tname_index = F2FS_XATTR_INDEX_POSIX_ACL_ACCESS;\n>> \t\tif (acl) {\n>> -\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> -\t\t\tif (error < 0)\n>> +\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n>> +\t\t\tif (error)\n>> \t\t\t\treturn error;\n>> \t\t\tset_acl_inode(fi, inode->i_mode);\n>> -\t\t\tif (error == 0)\n>> -\t\t\t\tacl = NULL;\n>> \t\t}\n>> \t\tbreak;\n>> \n>> diff --git a/fs/generic_acl.c b/fs/generic_acl.c\n>> index b3f3676796d3..67319f168b42 100644\n>> --- a/fs/generic_acl.c\n>> +++ b/fs/generic_acl.c\n>> @@ -86,16 +86,17 @@ generic_acl_set(struct dentry *dentry, const char *name, const void *value,\n>> \t\tif (error)\n>> \t\t\tgoto failed;\n>> \t\tswitch (type) {\n>> -\t\tcase ACL_TYPE_ACCESS:\n>> -\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> -\t\t\tif (error < 0)\n>> +\t\tcase ACL_TYPE_ACCESS: {\n>> +\t\t\tstruct posix_acl *saved_acl = acl;\n>> +\n>> +\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n>> +\t\t\tif (acl == NULL)\n>> +\t\t\t\tposix_acl_release(saved_acl);\n>> +\t\t\tif (error)\n>> \t\t\t\tgoto failed;\n>> \t\t\tinode->i_ctime = CURRENT_TIME;\n>> -\t\t\tif (error == 0) {\n>> -\t\t\t\tposix_acl_release(acl);\n>> -\t\t\t\tacl = NULL;\n>> -\t\t\t}\n>> \t\t\tbreak;\n>> +\t\t}\n>> \t\tcase ACL_TYPE_DEFAULT:\n>> \t\t\tif (!S_ISDIR(inode->i_mode)) {\n>> \t\t\t\terror = -EINVAL;\n>> diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c\n>> index f69ac0af5496..015809a066b5 100644\n>> --- a/fs/gfs2/acl.c\n>> +++ b/fs/gfs2/acl.c\n>> @@ -267,16 +267,14 @@ static int gfs2_xattr_system_set(struct dentry *dentry, const char *name,\n>> \t\tgoto out_release;\n>> \n>> \tif (type == ACL_TYPE_ACCESS) {\n>> -\t\tumode_t mode = inode->i_mode;\n>> -\t\terror = posix_acl_equiv_mode(acl, &mode);\n>> +\t\tstruct posix_acl *saved_acl = acl;\n>> +\t\tumode_t mode;\n>> \n>> -\t\tif (error <= 0) {\n>> -\t\t\tposix_acl_release(acl);\n>> -\t\t\tacl = NULL;\n>> -\n>> -\t\t\tif (error < 0)\n>> -\t\t\t\treturn error;\n>> -\t\t}\n>> +\t\terror = posix_acl_update_mode(inode, &mode, &acl);\n>> +\t\tif (error || acl == NULL)\n>> +\t\t\tposix_acl_release(saved_acl);\n>> +\t\tif (error)\n>> +\t\t\treturn error;\n>> \n>> \t\terror = gfs2_set_mode(inode, mode);\n>> \t\tif (error)\n>> diff --git a/fs/hfsplus/posix_acl.c b/fs/hfsplus/posix_acl.c\n>> index b609cc14c72e..9f7cc491ffb1 100644\n>> --- a/fs/hfsplus/posix_acl.c\n>> +++ b/fs/hfsplus/posix_acl.c\n>> @@ -72,8 +72,8 @@ static int hfsplus_set_posix_acl(struct inode *inode,\n>> \tcase ACL_TYPE_ACCESS:\n>> \t\txattr_name = POSIX_ACL_XATTR_ACCESS;\n>> \t\tif (acl) {\n>> -\t\t\terr = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> -\t\t\tif (err < 0)\n>> +\t\t\terr = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n>> +\t\t\tif (err)\n>> \t\t\t\treturn err;\n>> \t\t}\n>> \t\terr = 0;\n>> diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c\n>> index 223283c30111..9335b8d3cf52 100644\n>> --- a/fs/jffs2/acl.c\n>> +++ b/fs/jffs2/acl.c\n>> @@ -243,9 +243,10 @@ static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl)\n>> \tcase ACL_TYPE_ACCESS:\n>> \t\txprefix = JFFS2_XPREFIX_ACL_ACCESS;\n>> \t\tif (acl) {\n>> -\t\t\tumode_t mode = inode->i_mode;\n>> -\t\t\trc = posix_acl_equiv_mode(acl, &mode);\n>> -\t\t\tif (rc < 0)\n>> +\t\t\tumode_t mode;\n>> +\n>> +\t\t\trc = posix_acl_update_mode(inode, &mode, &acl);\n>> +\t\t\tif (rc)\n>> \t\t\t\treturn rc;\n>> \t\t\tif (inode->i_mode != mode) {\n>> \t\t\t\tstruct iattr attr;\n>> @@ -257,8 +258,6 @@ static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl)\n>> \t\t\t\tif (rc < 0)\n>> \t\t\t\t\treturn rc;\n>> \t\t\t}\n>> -\t\t\tif (rc == 0)\n>> -\t\t\t\tacl = NULL;\n>> \t\t}\n>> \t\tbreak;\n>> \tcase ACL_TYPE_DEFAULT:\n>> diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c\n>> index d3472f4cd530..6910662a8bf5 100644\n>> --- a/fs/jfs/xattr.c\n>> +++ b/fs/jfs/xattr.c\n>> @@ -693,9 +693,11 @@ static int can_set_system_xattr(struct inode *inode, const char *name,\n>> \t\t\treturn rc;\n>> \t\t}\n>> \t\tif (acl) {\n>> -\t\t\trc = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> +\t\t\tstruct posix_acl *dummy = acl;\n>> +\n>> +\t\t\trc = posix_acl_update_mode(inode, &inode->i_mode, &dummy);\n>> \t\t\tposix_acl_release(acl);\n>> -\t\t\tif (rc < 0) {\n>> +\t\t\tif (rc) {\n>> \t\t\t\tprintk(KERN_ERR\n>> \t\t\t\t \"posix_acl_equiv_mode returned %d\\n\",\n>> \t\t\t\t rc);\n>> diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c\n>> index b4f788e0ca31..b16bb5c70bc8 100644\n>> --- a/fs/ocfs2/acl.c\n>> +++ b/fs/ocfs2/acl.c\n>> @@ -270,14 +270,11 @@ static int ocfs2_set_acl(handle_t *handle,\n>> \tcase ACL_TYPE_ACCESS:\n>> \t\tname_index = OCFS2_XATTR_INDEX_POSIX_ACL_ACCESS;\n>> \t\tif (acl) {\n>> -\t\t\tumode_t mode = inode->i_mode;\n>> -\t\t\tret = posix_acl_equiv_mode(acl, &mode);\n>> -\t\t\tif (ret < 0)\n>> +\t\t\tumode_t mode;\n>> +\t\t\tret = posix_acl_update_mode(inode, &mode, &acl);\n>> +\t\t\tif (ret)\n>> \t\t\t\treturn ret;\n>> \t\t\telse {\n>> -\t\t\t\tif (ret == 0)\n>> -\t\t\t\t\tacl = NULL;\n>> -\n>> \t\t\t\tret = ocfs2_acl_set_mode(inode, di_bh,\n>> \t\t\t\t\t\t\t handle, mode);\n>> \t\t\t\tif (ret)\n>> diff --git a/fs/posix_acl.c b/fs/posix_acl.c\n>> index 3542f1f814e2..8161e5c9dc31 100644\n>> --- a/fs/posix_acl.c\n>> +++ b/fs/posix_acl.c\n>> @@ -407,6 +407,36 @@ posix_acl_create(struct posix_acl **acl, gfp_t gfp, umode_t *mode_p)\n>> }\n>> EXPORT_SYMBOL(posix_acl_create);\n>> \n>> +/**\n>> + * posix_acl_update_mode - update mode in set_acl\n>> + *\n>> + * Update the file mode when setting an ACL: compute the new file permission\n>> + * bits based on the ACL. In addition, if the ACL is equivalent to the new\n>> + * file mode, set *acl to NULL to indicate that no ACL should be set.\n>> + *\n>> + * As with chmod, clear the setgit bit if the caller is not in the owning group\n>> + * or capable of CAP_FSETID (see inode_change_ok).\n>> + *\n>> + * Called from set_acl inode operations.\n>> + */\n>> +int posix_acl_update_mode(struct inode *inode, umode_t *mode_p,\n>> +\t\t\t struct posix_acl **acl)\n>> +{\n>> +\tumode_t mode = inode->i_mode;\n>> +\tint error;\n>> +\n>> +\terror = posix_acl_equiv_mode(*acl, &mode);\n>> +\tif (error < 0)\n>> +\t\treturn error;\n>> +\tif (error == 0)\n>> +\t\t*acl = NULL;\n>> +\tif (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))\n>> +\t\tmode &= ~S_ISGID;\n>> +\t*mode_p = mode;\n>> +\treturn 0;\n>> +}\n>> +EXPORT_SYMBOL(posix_acl_update_mode);\n>> +\n>> int\n>> posix_acl_chmod(struct posix_acl **acl, gfp_t gfp, umode_t mode)\n>> {\n>> diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c\n>> index 06c04f73da65..a86ad7ec7957 100644\n>> --- a/fs/reiserfs/xattr_acl.c\n>> +++ b/fs/reiserfs/xattr_acl.c\n>> @@ -288,13 +288,9 @@ reiserfs_set_acl(struct reiserfs_transaction_handle *th, struct inode *inode,\n>> \tcase ACL_TYPE_ACCESS:\n>> \t\tname = POSIX_ACL_XATTR_ACCESS;\n>> \t\tif (acl) {\n>> -\t\t\terror = posix_acl_equiv_mode(acl, &inode->i_mode);\n>> -\t\t\tif (error < 0)\n>> +\t\t\terror = posix_acl_update_mode(inode, &inode->i_mode, &acl);\n>> +\t\t\tif (error)\n>> \t\t\t\treturn error;\n>> -\t\t\telse {\n>> -\t\t\t\tif (error == 0)\n>> -\t\t\t\t\tacl = NULL;\n>> -\t\t\t}\n>> \t\t}\n>> \t\tbreak;\n>> \tcase ACL_TYPE_DEFAULT:\n>> diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c\n>> index 370eb3e121d1..89ac0522b38d 100644\n>> --- a/fs/xfs/xfs_acl.c\n>> +++ b/fs/xfs/xfs_acl.c\n>> @@ -402,17 +402,14 @@ xfs_xattr_acl_set(struct dentry *dentry, const char *name,\n>> \t\tgoto out_release;\n>> \n>> \tif (type == ACL_TYPE_ACCESS) {\n>> -\t\tumode_t mode = inode->i_mode;\n>> -\t\terror = posix_acl_equiv_mode(acl, &mode);\n>> -\n>> -\t\tif (error <= 0) {\n>> -\t\t\tposix_acl_release(acl);\n>> -\t\t\tacl = NULL;\n>> -\n>> -\t\t\tif (error < 0)\n>> -\t\t\t\treturn error;\n>> -\t\t}\n>> +\t\tstruct posix_acl *saved_acl = acl;\n>> +\t\tumode_t mode;\n>> \n>> +\t\terror = posix_acl_update_mode(inode, &mode, &acl);\n>> +\t\tif (error || acl == NULL)\n>> +\t\t\tposix_acl_release(saved_acl);\n>> +\t\tif (error)\n>> +\t\t\treturn error;\n>> \t\terror = xfs_set_mode(inode, mode);\n>> \t\tif (error)\n>> \t\t\tgoto out_release;\n>> diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h\n>> index 7931efe71175..2ae0bba45f12 100644\n>> --- a/include/linux/posix_acl.h\n>> +++ b/include/linux/posix_acl.h\n>> @@ -90,6 +90,7 @@ extern struct posix_acl *posix_acl_from_mode(umode_t, gfp_t);\n>> extern int posix_acl_equiv_mode(const struct posix_acl *, umode_t *);\n>> extern int posix_acl_create(struct posix_acl **, gfp_t, umode_t *);\n>> extern int posix_acl_chmod(struct posix_acl **, gfp_t, umode_t);\n>> +extern int posix_acl_update_mode(struct inode *, umode_t *, struct posix_acl **);\n>> \n>> extern struct posix_acl *get_posix_acl(struct inode *, int);\n>> extern int set_posix_acl(struct inode *, int, struct posix_acl *);\n>>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=)","Received":["from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3xnNxG6rVGz9t2R;\n\tWed, 6 Sep 2017 23:00:50 +1000 (AEST)","from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1dpZwl-0007s8-Ea; Wed, 06 Sep 2017 13:00:47 +0000","from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)\n\t(Exim 4.86_2) (envelope-from )\n\tid 1dpZwi-0007rH-G8\n\tfor kernel-team@lists.ubuntu.com; Wed, 06 Sep 2017 13:00:44 +0000","from mail-wr0-f199.google.com ([209.85.128.199])\n\tby youngberry.canonical.com with esmtps\n\t(TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.76) (envelope-from )\n\tid 1dpZwi-0000vK-8W\n\tfor kernel-team@lists.ubuntu.com; Wed, 06 Sep 2017 13:00:44 +0000","by mail-wr0-f199.google.com with SMTP id k20so2663239wre.6\n\tfor ;\n\tWed, 06 Sep 2017 06:00:44 -0700 (PDT)","from [10.120.75.76] (pd95c76fe.dip0.t-ipconnect.de.\n\t[217.92.118.254]) by smtp.gmail.com with ESMTPSA id\n\th6sm2978882wma.31.2017.09.06.06.00.34\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tWed, 06 Sep 2017 06:00:41 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:subject:from:to:references:message-id:date\n\t:user-agent:mime-version:in-reply-to:content-language\n\t:content-transfer-encoding;\n\tbh=vnnVOrT4gVYoTSzAzT21lOIDN3rO3stEK4o7uUycExg=;\n\tb=eeIdd7wtHnLUjLXwne7Do+IwBtKjNQpRcvJ9SmBBmGyaDPhi7dibe+7nYieg9sIDNO\n\t8c/6VGHUeCdX43AS3pXhRAO0uC/FvadIETGdrjnegZjNxSx7Nq8hFFO/hwb4hL6N4QA1\n\tNhJXZ4BUKJxKaNeMRxXWIIFSkHYjYBlElQ4P4UFTk1+BKTN/qVUZob/XobRkI6OvxxZj\n\t1jtFqac9ZKfRwOUD23s5ZihMeJqRUixEoaec6tKDhUEGioBvzSWnUi676qgMDNv058Tv\n\tk4ZprbMxlLlVhCr69VWJcmBWZ8MlpZTtlNryEmn9Jk3dGmOkkwTPrUjulCRKP0Ls1y06\n\tF1bQ==","X-Gm-Message-State":"AHPjjUj9vqEU0EAks29nXrkbvWyo6hcZ1ffA96ArrbHG+8u6Fx31XW1I\n\tod8oLRN8oWD6OTsjN8eaPYYxIV9KTyu+FOK7QkzECagDACm2fq9Pc2Awxf+uFbPiyiEfx6Mf1Vk\n\t+IpD+MmwoCfSEzGJjuUprvmHeMUrFLsIK","X-Received":["by 10.223.134.168 with SMTP id 37mr1547586wrx.311.1504702843307; \n\tWed, 06 Sep 2017 06:00:43 -0700 (PDT)","by 10.223.134.168 with SMTP id 37mr1547558wrx.311.1504702842723; \n\tWed, 06 Sep 2017 06:00:42 -0700 (PDT)"],"X-Google-Smtp-Source":"ADKCNb6P6qAsrt0Sq86qsvNQAF6XjDQvr7prhjhtafwQWQ8yjn0PXZBroyoCu9mfE5uOjOaLgtxueA==","Subject":"Re: ACK/cmnt: [trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit\n\twhen setting file permissions","From":"Kleber Souza ","To":"Juerg Haefliger ,\n\tkernel-team@lists.ubuntu.com","References":"<20170906085453.22382-1-juerg.haefliger@canonical.com>\n\t<20170906085453.22382-2-juerg.haefliger@canonical.com>\n\t<44b33212-de25-9006-dd66-5bdabcdb1868@canonical.com>","Message-ID":"<1e8a9145-643f-50c8-bfdb-aff71d4940c5@canonical.com>","Date":"Wed, 6 Sep 2017 15:00:31 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101\n\tThunderbird/52.2.1","MIME-Version":"1.0","In-Reply-To":"<44b33212-de25-9006-dd66-5bdabcdb1868@canonical.com>","Content-Language":"en-US","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":1764109,"web_url":"http://patchwork.ozlabs.org/comment/1764109/","msgid":"<20170906134038.gbmkc5anuhwnvb2o@calabresa>","list_archive_url":null,"date":"2017-09-06T13:40:39","subject":"Re: [trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when\n\tsetting file permissions","submitter":{"id":70574,"url":"http://patchwork.ozlabs.org/api/people/70574/","name":"Thadeu Lima de Souza Cascardo","email":"cascardo@canonical.com"},"content":"On Wed, Sep 06, 2017 at 10:54:53AM +0200, Juerg Haefliger wrote:\n> From: Jan Kara \n> \n> commit 073931017b49d9458aa351605b43a7e34598caef upstream.\n> \n> When file permissions are modified via chmod(2) and the user is not in\n> the owning group or capable of CAP_FSETID, the setgid bit is cleared in\n> inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file\n> permissions as well as the new ACL, but doesn't clear the setgid bit in\n> a similar way; this allows to bypass the check in chmod(2). Fix that.\n> \n> References: CVE-2016-7097\n> Reviewed-by: Christoph Hellwig \n> Reviewed-by: Jeff Layton \n> Signed-off-by: Jan Kara \n> Signed-off-by: Andreas Gruenbacher \n> [bwh: Backported to 3.16:\n> - Drop changes to orangefs\n> - Adjust context\n> - Update ext3 as well]\n> Signed-off-by: Ben Hutchings \n> \n> CVE-2016-7097\n> \n> [juergh: Backported to 3.13:\n> - Drop changes to ceph\n> - Use capable() instead of capable_wrt_inode_uidgid()\n\nWe have capable_wrt_inode_uidgid in trusty. Why didn't you use it?\n\nCascardo.","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=)","Received":["from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3xnPqQ2ZG2z9sNV;\n\tWed, 6 Sep 2017 23:40:50 +1000 (AEST)","from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1dpaZR-0004dk-1d; Wed, 06 Sep 2017 13:40:45 +0000","from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)\n\t(Exim 4.86_2) (envelope-from )\n\tid 1dpaZQ-0004dc-At\n\tfor kernel-team@lists.ubuntu.com; Wed, 06 Sep 2017 13:40:44 +0000","from 1.general.cascardo.us.vpn ([10.172.70.58] helo=calabresa)\n\tby youngberry.canonical.com with esmtpsa\n\t(TLS1.0:RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.76) (envelope-from )\n\tid 1dpaZP-0002jw-LZ; Wed, 06 Sep 2017 13:40:44 +0000"],"Date":"Wed, 6 Sep 2017 10:40:39 -0300","From":"Thadeu Lima de Souza Cascardo ","To":"Juerg Haefliger ","Subject":"Re: [trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when\n\tsetting file permissions","Message-ID":"<20170906134038.gbmkc5anuhwnvb2o@calabresa>","References":"<20170906085453.22382-1-juerg.haefliger@canonical.com>\n\t<20170906085453.22382-2-juerg.haefliger@canonical.com>","MIME-Version":"1.0","Content-Disposition":"inline","In-Reply-To":"<20170906085453.22382-2-juerg.haefliger@canonical.com>","User-Agent":"NeoMutt/20170113 (1.7.2)","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"kernel-team@lists.ubuntu.com","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"base64","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}},{"id":1764211,"web_url":"http://patchwork.ozlabs.org/comment/1764211/","msgid":"<6a9984d9-7c2f-9038-799c-01ebb440f3a4@canonical.com>","list_archive_url":null,"date":"2017-09-06T15:41:50","subject":"Re: [trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when\n\tsetting file permissions","submitter":{"id":71819,"url":"http://patchwork.ozlabs.org/api/people/71819/","name":"Juerg Haefliger","email":"juerg.haefliger@canonical.com"},"content":"On 09/06/2017 03:40 PM, Thadeu Lima de Souza Cascardo wrote:\n> On Wed, Sep 06, 2017 at 10:54:53AM +0200, Juerg Haefliger wrote:\n>> From: Jan Kara \n>>\n>> commit 073931017b49d9458aa351605b43a7e34598caef upstream.\n>>\n>> When file permissions are modified via chmod(2) and the user is not in\n>> the owning group or capable of CAP_FSETID, the setgid bit is cleared in\n>> inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file\n>> permissions as well as the new ACL, but doesn't clear the setgid bit in\n>> a similar way; this allows to bypass the check in chmod(2). Fix that.\n>>\n>> References: CVE-2016-7097\n>> Reviewed-by: Christoph Hellwig \n>> Reviewed-by: Jeff Layton \n>> Signed-off-by: Jan Kara \n>> Signed-off-by: Andreas Gruenbacher \n>> [bwh: Backported to 3.16:\n>> - Drop changes to orangefs\n>> - Adjust context\n>> - Update ext3 as well]\n>> Signed-off-by: Ben Hutchings \n>>\n>> CVE-2016-7097\n>>\n>> [juergh: Backported to 3.13:\n>> - Drop changes to ceph\n>> - Use capable() instead of capable_wrt_inode_uidgid()\n> \n> We have capable_wrt_inode_uidgid in trusty. Why didn't you use it?\n\nBecause I was looking at upstream 3.13 and not trusty 3.13. Duh.\n\n...Juerg\n\n> Cascardo.\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com\n\t(client-ip=91.189.94.19; helo=huckleberry.canonical.com;\n\tenvelope-from=kernel-team-bounces@lists.ubuntu.com;\n\treceiver=)","Received":["from huckleberry.canonical.com (huckleberry.canonical.com\n\t[91.189.94.19])\n\tby ozlabs.org (Postfix) with ESMTP id 3xnSWF1N1rz9t5C;\n\tThu, 7 Sep 2017 01:42:01 +1000 (AEST)","from localhost ([127.0.0.1] helo=huckleberry.canonical.com)\n\tby huckleberry.canonical.com with esmtp (Exim 4.86_2)\n\t(envelope-from )\n\tid 1dpcSh-00023b-6d; Wed, 06 Sep 2017 15:41:55 +0000","from youngberry.canonical.com ([91.189.89.112])\n\tby huckleberry.canonical.com with esmtps\n\t(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)\n\t(Exim 4.86_2) (envelope-from )\n\tid 1dpcSf-00023Q-Ev\n\tfor kernel-team@lists.ubuntu.com; Wed, 06 Sep 2017 15:41:53 +0000","from mail-wm0-f70.google.com ([74.125.82.70])\n\tby youngberry.canonical.com with esmtps\n\t(TLS1.0:RSA_AES_128_CBC_SHA1:16)\n\t(Exim 4.76) (envelope-from )\n\tid 1dpcSf-0000Vi-7x\n\tfor kernel-team@lists.ubuntu.com; Wed, 06 Sep 2017 15:41:53 +0000","by mail-wm0-f70.google.com with SMTP id t190so2371951wmt.6\n\tfor ;\n\tWed, 06 Sep 2017 08:41:53 -0700 (PDT)","from [192.168.1.99] (adsl-84-227-115-101.adslplus.ch.\n\t[84.227.115.101]) by smtp.gmail.com with ESMTPSA id\n\ti93sm1397686edc.53.2017.09.06.08.41.51\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tWed, 06 Sep 2017 08:41:52 -0700 (PDT)"],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:subject:to:references:cc:from:message-id:date\n\t:user-agent:mime-version:in-reply-to;\n\tbh=0zWtzdiLrmfykWRx7aGEQnNXJEb/6z3MGU1oKyRpB6s=;\n\tb=mBG+aynMZbSuHL1/2M+jM1JCdwSZP1Ye2561wKt41aDZZ0m1FrxcVSskxSWVjpza5A\n\tl72vYjpJNxTnyAnXu7FqxRc4ywZdw7fFyG0thA01PeugzchNvxUksJG6kQylsW6ULqo7\n\t8BfoUZw8UKIXsuzczU9vm+Ys9GJLodDQYvA8g3gJxQEY4ZgixIlYmYWcR17IY5qWD7qY\n\tl4O+ODIQDckqPslN0I4LY+uXf5bSmmCnRXhO5Ah2ktZx0w9v24G/Nb5N3APEzWsLq4CW\n\tGkzGs5vSbIjiN3oRjqolS5k3hJxizRbpFAo5DdedFv51ZsjFQ/SDMIgL+rQK69n/KwSK\n\tmo+Q==","X-Gm-Message-State":"AHPjjUh04+l+S1iwYdpjQKZXoD2wGe1nZhiIKw0xiblBXTybU5uj2o0d\n\tsUgyz+aePs6hXhHDR7XIUnDMPrPZDlCbGH4SKoYC0g8bdPlQWDjnFBhXWRkkH1yjcbdRQ6TR9Rf\n\tCIMoPYe41W3HKIPkFDMYv+ItwzVY7dPAK","X-Received":["by 10.80.213.9 with SMTP id u9mr112598edi.87.1504712512792;\n\tWed, 06 Sep 2017 08:41:52 -0700 (PDT)","by 10.80.213.9 with SMTP id u9mr112589edi.87.1504712512618;\n\tWed, 06 Sep 2017 08:41:52 -0700 (PDT)"],"X-Google-Smtp-Source":"ADKCNb4VAj95rR47T5V0GJFKktCzYcz+pjLoSGIwTzJsX8fXV5efJrJZkdJ1ark2GRaSRMUeM8zWlg==","Subject":"Re: [trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when\n\tsetting file permissions","To":"Thadeu Lima de Souza Cascardo ","References":"<20170906085453.22382-1-juerg.haefliger@canonical.com>\n\t<20170906085453.22382-2-juerg.haefliger@canonical.com>\n\t<20170906134038.gbmkc5anuhwnvb2o@calabresa>","From":"Juerg Haefliger ","Message-ID":"<6a9984d9-7c2f-9038-799c-01ebb440f3a4@canonical.com>","Date":"Wed, 6 Sep 2017 17:41:50 +0200","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101\n\tThunderbird/45.8.0","MIME-Version":"1.0","In-Reply-To":"<20170906134038.gbmkc5anuhwnvb2o@calabresa>","X-BeenThere":"kernel-team@lists.ubuntu.com","X-Mailman-Version":"2.1.20","Precedence":"list","List-Id":"Kernel team discussions ","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"kernel-team@lists.ubuntu.com","Content-Type":"multipart/mixed;\n\tboundary=\"===============6298307322836073808==\"","Errors-To":"kernel-team-bounces@lists.ubuntu.com","Sender":"\"kernel-team\" "}}]