diff options
author | Andreas Gruenbacher <agruen@suse.de> | 2005-12-20 16:29:05 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2005-12-26 16:08:59 -0800 |
commit | 0a63dca5ae2f975e08deae7e6c743a477af04367 (patch) | |
tree | ea4159295a732a277b99ae4960a1575ef600e6a7 | |
parent | 841f70676036b309f7102e2c8024dc68c3946990 (diff) |
[PATCH] setting ACLs on readonly mounted NFS filesystems (CVE-2005-3623)
We must check for MAY_SATTR before setting acls, which includes
checking for read-only exports: the lower-level setxattr operation
that eventually sets the acl cannot check export-level restrictions.
Bug reported by Martin Walter <mawa@uni-freiburg.de>.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/nfsd/nfs2acl.c | 2 | ||||
-rw-r--r-- | fs/nfsd/nfs3acl.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c index 7cbf0682b2f0..fc95c4df6693 100644 --- a/fs/nfsd/nfs2acl.c +++ b/fs/nfsd/nfs2acl.c @@ -107,7 +107,7 @@ static int nfsacld_proc_setacl(struct svc_rqst * rqstp, dprintk("nfsd: SETACL(2acl) %s\n", SVCFH_fmt(&argp->fh)); fh = fh_copy(&resp->fh, &argp->fh); - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP); + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR); if (!nfserr) { nfserr = nfserrno( nfsd_set_posix_acl( diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c index 64ba40572fea..16e10c170aed 100644 --- a/fs/nfsd/nfs3acl.c +++ b/fs/nfsd/nfs3acl.c @@ -101,7 +101,7 @@ static int nfsd3_proc_setacl(struct svc_rqst * rqstp, int nfserr = 0; fh = fh_copy(&resp->fh, &argp->fh); - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP); + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR); if (!nfserr) { nfserr = nfserrno( nfsd_set_posix_acl( |