www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Ben Hutchings <ben@decadent.org.uk>
	Wed, 22 Jun 2016 18:43:35 +0000 (19:43 +0100)
committer	Dhaval Giani <dhaval.giani@oracle.com>
	Fri, 20 Jan 2017 22:22:09 +0000 (17:22 -0500)
commit	0f7ef22769e351de514bebc9eafbde68cfca0bc5
tree	94e1230e1c623d50a0e557294a674f23c44b03fe	tree
parent	6f112cf546e697d7b0546eabd0605bcccfb80542	commit \| diff

nfsd: check permissions when setting ACLs

Orabug: 25308145

[ Upstream commit 999653786df6954a31044528ac3f7a5dadca08f4 ]

Use set_posix_acl, which includes proper permission checks, instead of
calling ->set_acl directly. Without this anyone may be able to grant
themselves permissions to a file by setting the ACL.

Lock the inode to make the new checks atomic with respect to set_acl.
(Also, nfsd was the only caller of set_acl not locking the inode, so I
suspect this may fix other races.)

This also simplifies the code, and ensures our ACLs are checked by
posix_acl_valid.

The permission checks and the inode locking were lost with commit
4ac7249e, which changed nfsd to use the set_acl inode operation directly
instead of going through xattr handlers.

Reported-by: David Sinquin <david@sinquin.eu>
[agreunba@redhat.com: use set_posix_acl]
Fixes: 4ac7249e
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
(cherry picked from commit 28a6d048eb841a6bca10558a6c9e30ec5ca2b1af)
Signed-off-by: Dhaval Giani <dhaval.giani@oracle.com>

fs/nfsd/nfs2acl.c		diff \| blob \| history
fs/nfsd/nfs3acl.c		diff \| blob \| history
fs/nfsd/nfs4acl.c		diff \| blob \| history