mirros/rockchip-kernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1b195eb6be189e878048ba92dabdc4a79fa358de
rockchip-kernel/fs
History
Jan Kara 0c452d7fdc BACKPORT: posix_acl: Clear SGID bit when setting file permissions 
(cherry pick from commit 073931017b)

When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2).  Fix that.

NB: conflicts resolution included extending the change to all visible
    users of the near deprecated function posix_acl_equiv_mode
    replaced with posix_acl_update_mode. We did not resolve the ACL
    leak in this CL, require additional upstream fixes.

References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Bug: 32458736
2017-04-05 security patch level
Change-Id: I19591ad452cc825ac282b3cfd2daaa72aa9a1ac1
2017-05-23 14:27:33 +08:00
..
9p
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
adfs
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
affs
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-05-12 15:18:24 +08:00
afs
mm: change invalidatepage prototype to accept length
2015-05-28 21:51:06 -04:00
autofs4
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
befs
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
bfs
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
btrfs
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
cachefiles
lift sb_start_write() out of ->write()
2013-04-09 14:12:56 -04:00
ceph
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
cifs
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
coda
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-05-12 15:18:24 +08:00
configfs
configfs: fix race between dentry put and lookup
2013-11-29 11:11:53 -08:00
cramfs
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
debugfs
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-05-12 15:18:24 +08:00
devpts
Merge tag 'v3.10.103'
2016-10-07 21:31:52 +08:00
dlm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2013-05-01 14:08:52 -07:00
ecryptfs
BACKPORT: fs: limit filesystem stacking depth
2017-05-23 14:26:40 +08:00
efivarfs
efi: Make efivarfs entries immutable by default
2016-03-16 08:41:37 -07:00
efs
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
exofs
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
exportfs
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-05-12 15:18:24 +08:00
ext2
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
ext3
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
ext4
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
f2fs
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
fat
fat: Fix remame file appear 0KB bug.
2017-03-13 10:31:42 +08:00
freevxfs
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
fscache
FS-Cache: Increase reference of parent after registering, netfs success
2016-02-19 14:22:41 -08:00
fuse
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
gfs2
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
hfs
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-10-14 13:41:57 -07:00
hfsplus
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-10-14 13:41:57 -07:00
hostfs
uml: fix hostfs mknod()
2016-03-03 15:06:23 -08:00
hpfs
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-10-14 13:41:57 -07:00
hppfs
rk: revert 20f3d0b+v3.0.66 to v3.0
2013-11-08 21:34:05 +08:00
hugetlbfs
cope with potentially long ->d_dname() output for shmem/hugetlb
2014-04-23 17:03:01 -07:00
isofs
get_rock_ridge_filename(): handle malformed NM entries
2016-06-07 10:42:53 +02:00
jbd
rk: revert 20f3d0b+v3.0.66 to v3.0
2013-11-08 21:34:05 +08:00
jbd2
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
jffs2
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
jfs
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
lockd
lockd: create NSM handles per net namespace
2016-03-03 15:06:20 -08:00
logfs
mm: change invalidatepage prototype to accept length
2015-05-28 21:51:06 -04:00
minix
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
ncpfs
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-05-12 15:18:24 +08:00
nfs
Revert "fs: nfs: replace inode_dio_done with inode_dio_end"
2016-10-21 14:01:40 +08:00
nfs_common
nfsd
Merge branch 'linaro-android-3.10-lsk' of
2015-03-16 15:52:47 +08:00
nilfs2
Merge tag 'v3.10.103'
2016-10-07 21:31:52 +08:00
nls
rk: temp revert rk change
2013-11-08 21:33:42 +08:00
notify
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
ntfs
mm: change invalidatepage prototype to accept length
2015-05-28 21:51:06 -04:00
ocfs2
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
omfs
fs, omfs: add NULL terminator in the end up the token list
2015-06-05 23:19:54 -07:00
openpromfs
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
proc
fs/proc/array.c: make safe access to group_leader
2017-01-06 19:41:44 +08:00
pstore
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
qnx4
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
qnx6
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
quota
quota: provide interface for readding allocated space into reserved space
2015-01-29 17:40:57 -08:00
ramfs
rk: revert 20f3d0b+v3.0.66 to v3.0
2013-11-08 21:34:05 +08:00
reiserfs
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
romfs
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
sdcardfs
ANDROID: sdcardfs: fix itnull.cocci warnings
2016-07-11 13:03:28 -07:00
squashfs
Squashfs: Add LZ4 compression configuration option
2015-03-04 11:27:29 -08:00
sysfs
sysfs: add sysfs_create/remove_groups()
2015-09-01 11:11:27 +08:00
sysv
Merge tag 'v3.10.103'
2016-10-07 21:31:52 +08:00
ubifs
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
udf
Merge tag 'v3.10.103'
2016-10-07 21:31:52 +08:00
ufs
fs: push sync_filesystem() down to the file system's remount_fs()
2015-03-04 11:26:46 -08:00
xfs
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
aio.c
BACKPORT: aio: mark AIO pseudo-fs noexec
2017-01-09 10:10:02 +08:00
anon_inodes.c
attr.c
UPSTREAM: fs,userns: Change inode_capable to capable_wrt_inode_uidgid
2016-09-28 14:41:32 -07:00
bad_inode.c
binfmt_aout.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
binfmt_elf_fdpic.c
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
2013-05-02 10:16:16 -07:00
binfmt_elf.c
binfmt_elf: Don't clobber passed executable's file header
2016-02-19 14:22:41 -08:00
binfmt_em86.c
binfmt_flat.c
new helper: read_code()
2013-04-29 15:40:23 -04:00
binfmt_misc.c
rk: revert 20f3d0b+v3.0.66 to v3.0
2013-11-08 21:34:05 +08:00
binfmt_script.c
rk: revert 20f3d0b+v3.0.66 to v3.0
2013-11-08 21:34:05 +08:00
binfmt_som.c
bio-integrity.c
bio-integrity: Fix bio_integrity_verify segment start bug
2014-03-23 21:38:21 -07:00
bio.c
block: Fix bio_copy_data()
2013-10-05 07:13:09 -07:00
block_dev.c
Revert "direct-io: only inc/dec inode->i_dio_count for file systems"
2016-10-21 10:44:06 +08:00
buffer.c
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
char_dev.c
compat_binfmt_elf.c
binfmt_elf: add ELF_HWCAP2 to compat auxv entries
2014-09-11 17:21:24 +00:00
compat_ioctl.c
rk: revert 20f3d0b+v3.0.66 to v3.0
2013-11-08 21:34:05 +08:00
compat.c
[readdir] constify ->actor
2015-03-04 11:19:34 -08:00
coredump.c
fs: if a coredump already exists, unlink and recreate with O_EXCL
2015-10-01 12:07:32 +02:00
coredump.h
dcache.c
fix d_walk()/non-delayed __d_free() race
2016-08-27 11:39:59 +02:00
dcookies.c
fs/compat: fix lookup_dcookie() parameter handling
2014-02-13 13:48:00 -08:00
direct-io.c
Revert "fs: direct-io: convert rw from READ to KERNEL_READ"
2016-11-13 11:51:28 +08:00
drop_caches.c
eventfd.c
eventpoll.c
epoll: drop EPOLLWAKEUP if PM_SLEEP is disabled
2013-11-25 11:05:09 -08:00
exec.c
Merge branch 'linux-linaro-lsk-v3.10' into linux-linaro-lsk-v3.10-android
2015-08-14 09:55:00 -07:00
fcntl.c
fhandle.c
vfs: read file_handle only once in handle_to_path
2015-06-05 23:20:00 -07:00
file_table.c
get rid of s_files and files_lock
2015-07-03 19:48:08 -07:00
file.c
fs/file.c:fdtable: avoid triggering OOMs from alloc_fdmem
2014-02-22 12:41:25 -08:00
filesystems.c
fs: Limit sys_mount to only request filesystem modules.
2013-03-03 19:36:31 -08:00
fs_struct.c
constify path_get/path_put and fs_struct.c stuff
2013-03-01 23:51:07 -05:00
fs-writeback.c
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
generic_acl.c
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
inode.c
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
internal.h
get rid of s_files and files_lock
2015-07-03 19:48:08 -07:00
ioctl.c
ioprio.c
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
Kconfig
Initial port of sdcardfs
2016-03-21 21:00:08 -07:00
Kconfig.binfmt
fs: make binfmt support for #! scripts modular and removable
2013-04-30 17:04:04 -07:00
libfs.c
move d_rcu from overlapping d_child to overlapping d_alias
2015-04-29 10:34:00 +02:00
locks.c
locks: fix unlock when fcntl_setlk races with a close
2016-03-09 15:31:53 -08:00
Makefile
Initial port of sdcardfs
2016-03-21 21:00:08 -07:00
mbcache.c
mount.h
vfs: Is mounted should be testing mnt_ns for NULL or error.
2014-02-06 11:08:16 -08:00
mpage.c
namei.c
UPSTREAM: fs,userns: Change inode_capable to capable_wrt_inode_uidgid
2016-09-28 14:41:32 -07:00
namespace.c
umount: Disallow unprivileged mount force
2015-01-08 09:58:16 -08:00
no-block.c
open.c
get rid of s_files and files_lock
2015-07-03 19:48:08 -07:00
pipe.c
pipe: limit the per-user amount of pages allocated in pipes
2016-08-21 23:22:36 +02:00
pnode.c
vfs: Fix invalid ida_remove() call
2013-05-31 15:16:33 -04:00
pnode.h
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2013-05-01 17:51:54 -07:00
posix_acl.c
BACKPORT: posix_acl: Clear SGID bit when setting file permissions
2017-05-23 14:27:33 +08:00
proc_namespace.c
read_write.c
fs/compat: fix parameter handling for compat readv/writev syscalls
2014-02-13 13:48:00 -08:00
readdir.c
[readdir] constify ->actor
2015-03-04 11:19:34 -08:00
select.c
select: use freezable blocking call
2013-07-01 15:45:28 -07:00
seq_file.c
Merge remote-tracking branch 'lsk/v3.10/topic/aosp' into linux-linaro-lsk-android
2014-09-08 12:05:48 +01:00
signalfd.c
signalfd: fix information leak in signalfd_copyinfo
2015-08-16 20:51:42 -07:00
splice.c
splice: handle zero nr_pages in splice_to_pipe()
2016-06-07 10:42:46 +02:00
stack.c
stat.c
quota: provide interface for readding allocated space into reserved space
2015-01-29 17:40:57 -08:00
statfs.c
rk: revert 20f3d0b+v3.0.66 to v3.0
2013-11-08 21:34:05 +08:00
super.c
Merge branch 'android-3.10' of https://android.googlesource.com/kernel/common
2016-10-21 11:27:28 +08:00
sync.c
teach SYSCALL_DEFINE<n> how to deal with long long/unsigned long long
2013-03-03 22:46:22 -05:00
timerfd.c
timerfd: support CLOCK_BOOTTIME clock
2013-12-13 23:04:58 +00:00
utimes.c
xattr_acl.c
xattr.c