Message ID | 1498546329-15667-2-git-send-email-po-hsu.lin@canonical.com |
---|---|
State | New |
On 27.06.2017 08:52, Po-Hsu Lin wrote: > From: Gu Zheng <guzheng1@huawei.com> > > CVE-2017-5551 > > This change was missed the tmpfs modification in In CVE-2016-7097 > commit 073931017b49 ("posix_acl: Clear SGID bit when setting > file permissions") > It can test by xfstest generic/375, which failed to clear > setgid bit in the following test case on tmpfs: > > touch $testfile > chown 100:100 $testfile > chmod 2755 $testfile > _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile > > Signed-off-by: Gu Zheng <guzheng1@huawei.com> > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> > (cherry picked from commit 497de07d89c1410d76a15bec2bb41f24a2a89f31) > > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> > --- > fs/posix_acl.c | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > > diff --git a/fs/posix_acl.c b/fs/posix_acl.c > index adf1e18..df15c56 100644 > --- a/fs/posix_acl.c > +++ b/fs/posix_acl.c > @@ -931,11 +931,10 @@ int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type) > int error; > > if (type == ACL_TYPE_ACCESS) { > - error = posix_acl_equiv_mode(acl, &inode->i_mode); > - if (error < 0) > - return 0; > - if (error == 0) > - acl = NULL; > + error = posix_acl_update_mode(inode, > + &inode->i_mode, &acl); > + if (error) > + return error; > } > > inode->i_ctime = CURRENT_TIME; >
On 27/06/17 07:52, Po-Hsu Lin wrote: > From: Gu Zheng <guzheng1@huawei.com> > > CVE-2017-5551 > > This change was missed the tmpfs modification in In CVE-2016-7097 > commit 073931017b49 ("posix_acl: Clear SGID bit when setting > file permissions") > It can test by xfstest generic/375, which failed to clear > setgid bit in the following test case on tmpfs: > > touch $testfile > chown 100:100 $testfile > chmod 2755 $testfile > _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile > > Signed-off-by: Gu Zheng <guzheng1@huawei.com> > Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> > (cherry picked from commit 497de07d89c1410d76a15bec2bb41f24a2a89f31) > > Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com> > --- > fs/posix_acl.c | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > > diff --git a/fs/posix_acl.c b/fs/posix_acl.c > index adf1e18..df15c56 100644 > --- a/fs/posix_acl.c > +++ b/fs/posix_acl.c > @@ -931,11 +931,10 @@ int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type) > int error; > > if (type == ACL_TYPE_ACCESS) { > - error = posix_acl_equiv_mode(acl, &inode->i_mode); > - if (error < 0) > - return 0; > - if (error == 0) > - acl = NULL; > + error = posix_acl_update_mode(inode, > + &inode->i_mode, &acl); > + if (error) > + return error; > } > > inode->i_ctime = CURRENT_TIME; > Acked-by: Colin Ian King <colin.king@canonical.com>
Applied to yakkety master-next branch. Thanks. Cascardo.
diff --git a/fs/posix_acl.c b/fs/posix_acl.c index adf1e18..df15c56 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -931,11 +931,10 @@ int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type) int error; if (type == ACL_TYPE_ACCESS) { - error = posix_acl_equiv_mode(acl, &inode->i_mode); - if (error < 0) - return 0; - if (error == 0) - acl = NULL; + error = posix_acl_update_mode(inode, + &inode->i_mode, &acl); + if (error) + return error; } inode->i_ctime = CURRENT_TIME;
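Review bot: In the ACL_TYPE_ACCESS branch of simple_set_acl(), the failure path changes as well as the mode handling, and the commit message does not say so. The removed lines returned 0 when posix_acl_equiv_mode() reported an error (`if (error < 0) return 0;`), while the new code propagates whatever posix_acl_update_mode() returns (`if (error) return error;`), so callers can now see a failure for a request that was previously reported as success. Propagating the error looks like the right behaviour, but it deserves a sentence in the changelog next to the SGID description. The explicit `acl = NULL` for the mode-equivalent case is also gone and is now expected to happen through the `&acl` argument, so before applying this cherry-pick confirm that the target tree already carries posix_acl_update_mode() with this three-argument form from the change referenced as 073931017b49, and run the quoted generic/375 case on tmpfs to check that the setgid bit is cleared.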