[trusty CVE-2016-7097 1/1] posix_acl: Clear SGID bit when setting file permissions
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Wed Sep 6 13:40:39 UTC 2017
On Wed, Sep 06, 2017 at 10:54:53AM +0200, Juerg Haefliger wrote:
> From: Jan Kara <jack at suse.cz>
>
> commit 073931017b49d9458aa351605b43a7e34598caef upstream.
>
> When file permissions are modified via chmod(2) and the user is not in
> the owning group or capable of CAP_FSETID, the setgid bit is cleared in
> inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file
> permissions as well as the new ACL, but doesn't clear the setgid bit in
> a similar way; this allows the check in chmod(2) to be bypassed. Fix that.
>
> References: CVE-2016-7097
> Reviewed-by: Christoph Hellwig <hch at lst.de>
> Reviewed-by: Jeff Layton <jlayton at redhat.com>
> Signed-off-by: Jan Kara <jack at suse.cz>
> Signed-off-by: Andreas Gruenbacher <agruenba at redhat.com>
> [bwh: Backported to 3.16:
> - Drop changes to orangefs
> - Adjust context
> - Update ext3 as well]
> Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
>
> CVE-2016-7097
>
> [juergh: Backported to 3.13:
> - Drop changes to ceph
> - Use capable() instead of capable_wrt_inode_uidgid()
We have capable_wrt_inode_uidgid in trusty. Why didn't you use it?
Cascardo.