[linux] 02/02: tmpfs: clear S_ISGID when setting posix ACLs
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Mon Jan 16 09:11:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit d264d7d5247a489dfb6ae8a521c677a46ae42c6a
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Mon Jan 16 09:30:30 2017 +0100
tmpfs: clear S_ISGID when setting posix ACLs
---
debian/changelog | 1 +
...pfs-clear-S_ISGID-when-setting-posix-ACLs.patch | 45 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 47 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index cfcca67..9efc37f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -242,6 +242,7 @@ linux (4.9.4-1) UNRELEASED; urgency=medium
[ Salvatore Bonaccorso ]
* sysctl: Drop reference added by grab_header in proc_sys_readdir
(CVE-2016-9191)
+ * tmpfs: clear S_ISGID when setting posix ACLs
-- Salvatore Bonaccorso <carnil at debian.org> Mon, 16 Jan 2017 09:26:13 +0100
diff --git a/debian/patches/bugfix/all/tmpfs-clear-S_ISGID-when-setting-posix-ACLs.patch b/debian/patches/bugfix/all/tmpfs-clear-S_ISGID-when-setting-posix-ACLs.patch
new file mode 100644
index 0000000..faec91e
--- /dev/null
+++ b/debian/patches/bugfix/all/tmpfs-clear-S_ISGID-when-setting-posix-ACLs.patch
@@ -0,0 +1,45 @@
+From: Gu Zheng <guzheng1 at huawei.com>
+Date: Mon, 9 Jan 2017 09:34:48 +0800
+Subject: tmpfs: clear S_ISGID when setting posix ACLs
+Origin: https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31
+
+This change was missed the tmpfs modification in In CVE-2016-7097
+commit 073931017b49 ("posix_acl: Clear SGID bit when setting
+file permissions")
+It can test by xfstest generic/375, which failed to clear
+setgid bit in the following test case on tmpfs:
+
+ touch $testfile
+ chown 100:100 $testfile
+ chmod 2755 $testfile
+ _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile
+
+Signed-off-by: Gu Zheng <guzheng1 at huawei.com>
+Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
+---
+ fs/posix_acl.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/fs/posix_acl.c b/fs/posix_acl.c
+index 5955220..c9d48dc 100644
+--- a/fs/posix_acl.c
++++ b/fs/posix_acl.c
+@@ -922,11 +922,10 @@ int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type)
+ int error;
+
+ if (type == ACL_TYPE_ACCESS) {
+- error = posix_acl_equiv_mode(acl, &inode->i_mode);
+- if (error < 0)
+- return 0;
+- if (error == 0)
+- acl = NULL;
++ error = posix_acl_update_mode(inode,
++ &inode->i_mode, &acl);
++ if (error)
++ return error;
+ }
+
+ inode->i_ctime = current_time(inode);
+--
+2.1.4
+
diff --git a/debian/patches/series b/debian/patches/series
index f305704..7db06bf 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -95,6 +95,7 @@ features/all/securelevel/arm64-add-kernel-config-option-to-set-securelevel-wh.pa
# Security fixes
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/sysctl-Drop-reference-added-by-grab_header-in-proc_s.patch
+bugfix/all/tmpfs-clear-S_ISGID-when-setting-posix-ACLs.patch
# Fix exported symbol versions
bugfix/ia64/revert-ia64-move-exports-to-definitions.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list