linux/fs/orangefs
Jan Kara 073931017b posix_acl: Clear SGID bit when setting file permissions
When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2).  Fix that.

References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2016-09-22 10:55:32 +02:00
..
acl.c posix_acl: Clear SGID bit when setting file permissions 2016-09-22 10:55:32 +02:00
dcache.c orangefs: Account for jiffies wraparound. 2016-08-02 15:39:13 -04:00
devorangefs-req.c orangefs: fix namespace handling 2016-07-05 15:47:43 -04:00
dir.c orangefs: remove unused variable 2016-04-08 15:50:44 -04:00
downcall.h orangefs: use ORANGEFS_NAME_LEN everywhere; remove ORANGEFS_NAME_MAX 2016-02-24 17:07:50 -05:00
file.c orangefs: Remove useless xattr prefix arguments 2016-07-05 15:47:27 -04:00
inode.c orangefs: Cache getattr results. 2016-08-02 15:38:45 -04:00
Kconfig Orangefs: kernel client part 7 2015-10-03 11:40:00 -04:00
Makefile Orangefs: change pvfs2 filenames to orangefs 2015-12-04 12:56:14 -05:00
namei.c orangefs: Account for jiffies wraparound. 2016-08-02 15:39:13 -04:00
orangefs-bufmap.c mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
orangefs-bufmap.h orangefs-bufmap.h: trim unused junk 2016-03-25 22:30:54 -04:00
orangefs-cache.c orangefs: fix namespace handling 2016-07-05 15:47:43 -04:00
orangefs-debug.h Orangef: remove overlooked old-style userspace debug parts 2015-12-11 11:00:12 -05:00
orangefs-debugfs.c Orangefs: fix ifnullfree.cocci warnings 2016-04-08 14:08:38 -04:00
orangefs-debugfs.h Orangefs: change pvfs2 filenames to orangefs 2015-12-04 12:56:14 -05:00
orangefs-dev-proto.h orangefs: use ORANGEFS_NAME_LEN everywhere; remove ORANGEFS_NAME_MAX 2016-02-24 17:07:50 -05:00
orangefs-kernel.h orangefs: Allow dcache and getattr cache time to be configured. 2016-08-02 15:38:46 -04:00
orangefs-mod.c orangefs: Change default dcache and getattr timeout to 50 msec. 2016-08-02 15:38:47 -04:00
orangefs-sysfs.c orangefs: Allow dcache and getattr cache time to be configured. 2016-08-02 15:38:46 -04:00
orangefs-sysfs.h Orangefs: change pvfs2 filenames to orangefs 2015-12-04 12:56:14 -05:00
orangefs-utils.c orangefs: Account for jiffies wraparound. 2016-08-02 15:39:13 -04:00
protocol.h orangefs: Cache getattr results. 2016-08-02 15:38:45 -04:00
super.c orangefs: fix orangefs_superblock locking 2016-03-26 07:22:00 -04:00
symlink.c orangefs: constify inode_operations 2016-05-29 19:07:00 -04:00
upcall.h orangefs: remove vestigial async io code 2016-02-24 17:07:50 -05:00
waitqueue.c Orangefs: improve gossip statements 2016-03-03 13:46:48 -05:00
xattr.c orangefs: fix namespace handling 2016-07-05 15:47:43 -04:00