| commit | 24ae40c98daa6519d3c900788f7076490cf56f59 | |
| author | Ben Hutchings <ben@decadent.org.uk> | |
| Wed, 22 Jun 2016 18:43:35 +0000 (22 19:43 +0100) | ||
| committer | Ben Hutchings <ben@decadent.org.uk> | |
| Mon, 22 Aug 2016 21:38:20 +0000 (22 22:38 +0100) | ||
| tree | 6e421845642174ff546752d00209a1c057425c41 | treesnapshot (tar.gz zip) |
| parent | 8e31c40b13640f7990ae0038ae4e7a6685998e3a | commitdiff |
nfsd: check permissions when setting ACLs
commit 999653786df6954a31044528ac3f7a5dadca08f4 upstream.
Use set_posix_acl, which includes proper permission checks, instead of
calling ->set_acl directly. Without this anyone may be able to grant
themselves permissions to a file by setting the ACL.
Lock the inode to make the new checks atomic with respect to set_acl.
(Also, nfsd was the only caller of set_acl not locking the inode, so I
suspect this may fix other races.)
This also simplifies the code, and ensures our ACLs are checked by
posix_acl_valid.
The permission checks and the inode locking were lost with commit
4ac7249e, which changed nfsd to use the set_acl inode operation directly
instead of going through xattr handlers.
Reported-by: David Sinquin <david@sinquin.eu>
[agreunba@redhat.com: use set_posix_acl]
Fixes: 4ac7249e
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
[carnil: backport for 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
commit 999653786df6954a31044528ac3f7a5dadca08f4 upstream.
Use set_posix_acl, which includes proper permission checks, instead of
calling ->set_acl directly. Without this anyone may be able to grant
themselves permissions to a file by setting the ACL.
Lock the inode to make the new checks atomic with respect to set_acl.
(Also, nfsd was the only caller of set_acl not locking the inode, so I
suspect this may fix other races.)
This also simplifies the code, and ensures our ACLs are checked by
posix_acl_valid.
The permission checks and the inode locking were lost with commit
4ac7249e, which changed nfsd to use the set_acl inode operation directly
instead of going through xattr handlers.
Reported-by: David Sinquin <david@sinquin.eu>
[agreunba@redhat.com: use set_posix_acl]
Fixes: 4ac7249e
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
[carnil: backport for 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
| fs/nfsd/nfs2acl.c | diffblobblamehistory | |
| fs/nfsd/nfs3acl.c | diffblobblamehistory | |
| fs/nfsd/nfs4acl.c | diffblobblamehistory |