| Message ID | 20200909192104.87243-1-cascardo@canonical.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,Focal:oem-5.6] nfsd: apply umask on fs without ACL support | expand |
On 09/09/2020 20:21, Thadeu Lima de Souza Cascardo wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > The server is failing to apply the umask when creating new objects on > filesystems without ACL support. > > To reproduce this, you need to use NFSv4.2 and a client and server > recent enough to support umask, and you need to export a filesystem that > lacks ACL support (for example, ext4 with the "noacl" mount option). > > Filesystems with ACL support are expected to take care of the umask > themselves (usually by calling posix_acl_create). > > For filesystems without ACL support, this is up to the caller of > vfs_create(), vfs_mknod(), or vfs_mkdir(). > > Reported-by: Elliott Mitchell <ehem+debian@m5p.com> > Reported-by: Salvatore Bonaccorso <carnil@debian.org> > Tested-by: Salvatore Bonaccorso <carnil@debian.org> > Fixes: 47057abde515 ("nfsd: add support for the umask attribute") > Cc: stable@vger.kernel.org > Signed-off-by: J. Bruce Fields <bfields@redhat.com> > (cherry picked from commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832) > CVE-2020-24394 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- > fs/nfsd/vfs.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c > index 0aa02eb18bd3..8fa3e0ff3671 100644 > --- a/fs/nfsd/vfs.c > +++ b/fs/nfsd/vfs.c > @@ -1225,6 +1225,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, > iap->ia_mode = 0; > iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; > > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > + > err = 0; > host_err = 0; > switch (type) { > @@ -1457,6 +1460,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, > goto out; > } > > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > + > host_err = vfs_create(dirp, dchild, iap->ia_mode, true); > if (host_err < 0) { > fh_drop_write(fhp); > Clean cherry pick, looks fine to me. Acked-by: Colin Ian King <colin.king@canonical.com>
On 09.09.20 21:21, Thadeu Lima de Souza Cascardo wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > The server is failing to apply the umask when creating new objects on > filesystems without ACL support. > > To reproduce this, you need to use NFSv4.2 and a client and server > recent enough to support umask, and you need to export a filesystem that > lacks ACL support (for example, ext4 with the "noacl" mount option). > > Filesystems with ACL support are expected to take care of the umask > themselves (usually by calling posix_acl_create). > > For filesystems without ACL support, this is up to the caller of > vfs_create(), vfs_mknod(), or vfs_mkdir(). > > Reported-by: Elliott Mitchell <ehem+debian@m5p.com> > Reported-by: Salvatore Bonaccorso <carnil@debian.org> > Tested-by: Salvatore Bonaccorso <carnil@debian.org> > Fixes: 47057abde515 ("nfsd: add support for the umask attribute") > Cc: stable@vger.kernel.org > Signed-off-by: J. Bruce Fields <bfields@redhat.com> > (cherry picked from commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832) > CVE-2020-24394 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> > --- > fs/nfsd/vfs.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c > index 0aa02eb18bd3..8fa3e0ff3671 100644 > --- a/fs/nfsd/vfs.c > +++ b/fs/nfsd/vfs.c > @@ -1225,6 +1225,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, > iap->ia_mode = 0; > iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; > > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > + > err = 0; > host_err = 0; > switch (type) { > @@ -1457,6 +1460,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, > goto out; > } > > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > + > host_err = vfs_create(dirp, dchild, iap->ia_mode, true); > if (host_err < 0) { > fh_drop_write(fhp); >
On 9.9.2020 22.21, Thadeu Lima de Souza Cascardo wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > The server is failing to apply the umask when creating new objects on > filesystems without ACL support. > > To reproduce this, you need to use NFSv4.2 and a client and server > recent enough to support umask, and you need to export a filesystem that > lacks ACL support (for example, ext4 with the "noacl" mount option). > > Filesystems with ACL support are expected to take care of the umask > themselves (usually by calling posix_acl_create). > > For filesystems without ACL support, this is up to the caller of > vfs_create(), vfs_mknod(), or vfs_mkdir(). > > Reported-by: Elliott Mitchell <ehem+debian@m5p.com> > Reported-by: Salvatore Bonaccorso <carnil@debian.org> > Tested-by: Salvatore Bonaccorso <carnil@debian.org> > Fixes: 47057abde515 ("nfsd: add support for the umask attribute") > Cc: stable@vger.kernel.org > Signed-off-by: J. Bruce Fields <bfields@redhat.com> > (cherry picked from commit 22cf8419f1319ff87ec759d0ebdff4cbafaee832) > CVE-2020-24394 > Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> > --- > fs/nfsd/vfs.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c > index 0aa02eb18bd3..8fa3e0ff3671 100644 > --- a/fs/nfsd/vfs.c > +++ b/fs/nfsd/vfs.c > @@ -1225,6 +1225,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, > iap->ia_mode = 0; > iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; > > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > + > err = 0; > host_err = 0; > switch (type) { > @@ -1457,6 +1460,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, > goto out; > } > > + if (!IS_POSIXACL(dirp)) > + iap->ia_mode &= ~current_umask(); > + > host_err = vfs_create(dirp, dchild, iap->ia_mode, true); > if (host_err < 0) { > fh_drop_write(fhp); > applied to oem-5.6, thanks
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 0aa02eb18bd3..8fa3e0ff3671 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -1225,6 +1225,9 @@ nfsd_create_locked(struct svc_rqst *rqstp, struct svc_fh *fhp, iap->ia_mode = 0; iap->ia_mode = (iap->ia_mode & S_IALLUGO) | type; + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + err = 0; host_err = 0; switch (type) { @@ -1457,6 +1460,9 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, goto out; } + if (!IS_POSIXACL(dirp)) + iap->ia_mode &= ~current_umask(); + host_err = vfs_create(dirp, dchild, iap->ia_mode, true); if (host_err < 0) { fh_drop_write(fhp);