blob: be26cfb235e8fa378d7d5c765714367ca95402d1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Description: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
References:
http://www.spinics.net/lists/linux-fsdevel/msg98328.html
http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=1368938
Notes:
carnil> The fix for CVE-2016-7097 seem to have introduced a regresssion
carnil> as claimed in https://savannah.nongnu.org/bugs/?51818#comment1
carnil> and addressed via https://patchwork.ozlabs.org/patch/799154/
carnil> Released in 4.13-rc4 [a3bb2d5587521eea6dab2d05326abb0afb460abd]
carnil> and is CC'ed to stable@vger.kernel.org
carnil> Fixed as well in 4.12.6 [0965d89ebda3d71338ab2573c1a4d784c1e79611]
carnil> More filesystems fixed already earlier, found commits:
carnil> a3bb2d558752 ext4: Don't clear SGID when inheriting ACLs
carnil> 9bcf66c72d72 jfs: Don't clear SGID when inheriting ACLs
carnil> 84969465ddc4 hfsplus: Don't clear SGID when inheriting ACLs
carnil> a992f2d38e4c ext2: Don't clear SGID when inheriting ACLs
carnil> 6883cd7f6824 reiserfs: Don't clear SGID when inheriting ACLs
carnil> c925dc162f77 f2fs: Don't clear SGID when inheriting ACLs
carnil> b7f8a09f8097 btrfs: Don't clear SGID when inheriting ACLs
carnil> 8ba358756aa0 xfs: Don't clear SGID when inheriting ACLs
Bugs:
upstream: released (4.9-rc1) [073931017b49d9458aa351605b43a7e34598caef]
3.16-upstream-stable: released (3.16.39) [posix_acl-clear-sgid-bit-when-setting-file-permissions.patch]
3.2-upstream-stable: released (3.2.84) [posix_acl-clear-sgid-bit-when-setting-file-permissions.patch]
sid: released (4.7.8-1) [bugfix/all/posix_acl-clear-sgid-bit-when-setting-file-permissio.patch]
3.16-jessie-security: released (3.16.39-1)
3.2-wheezy-security: released (3.2.84-1)
|