/[linux-patches]/genpatches-2.6/trunk/2.6.14/1075_5_nfs-setacl-check-fix.patch
Gentoo

Contents of /genpatches-2.6/trunk/2.6.14/1075_5_nfs-setacl-check-fix.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 235 - (show annotations) (download) (as text)
Thu Dec 29 16:17:24 2005 UTC (14 years, 11 months ago) by dsd
File MIME type: text/x-diff
File size: 1457 byte(s)
2.6.14.5 thanks to kerframil
1 From: Andreas Gruenbacher <agruen@suse.de>
2 Date: Tue, 20 Dec 2005 15:29:05 +0000 (+0100)
3 Subject: [PATCH] setting ACLs on readonly mounted NFS filesystems (CVE-2005-3623)
4 X-Git-Url: http://kernel.org/git/?p=linux/kernel/git/gregkh/linux-2.6.14.y.git;a=commitdiff;h=0a63dca5ae2f975e08deae7e6c743a477af04367
5
6 [PATCH] setting ACLs on readonly mounted NFS filesystems (CVE-2005-3623)
7
8 We must check for MAY_SATTR before setting acls, which includes
9 checking for read-only exports: the lower-level setxattr operation
10 that eventually sets the acl cannot check export-level restrictions.
11
12 Bug reported by Martin Walter <mawa@uni-freiburg.de>.
13
14 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
15 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
16 ---
17
18 --- a/fs/nfsd/nfs2acl.c
19 +++ b/fs/nfsd/nfs2acl.c
20 @@ -107,7 +107,7 @@ static int nfsacld_proc_setacl(struct sv
21 dprintk("nfsd: SETACL(2acl) %s\n", SVCFH_fmt(&argp->fh));
22
23 fh = fh_copy(&resp->fh, &argp->fh);
24 - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
25 + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR);
26
27 if (!nfserr) {
28 nfserr = nfserrno( nfsd_set_posix_acl(
29 --- a/fs/nfsd/nfs3acl.c
30 +++ b/fs/nfsd/nfs3acl.c
31 @@ -101,7 +101,7 @@ static int nfsd3_proc_setacl(struct svc_
32 int nfserr = 0;
33
34 fh = fh_copy(&resp->fh, &argp->fh);
35 - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
36 + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR);
37
38 if (!nfserr) {
39 nfserr = nfserrno( nfsd_set_posix_acl(

  ViewVC Help
Powered by ViewVC 1.1.20