Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 9451fcb712d98602f9ed47170c17c8c78ae196bd
commit9451fcb712d98602f9ed47170c17c8c78ae196bd[log] [tgz]
authorJan Kara <jack@suse.cz>Mon Sep 19 17:39:09 2016 +0200
committerTeemu Hukkanen <teemu@fairphone.com>Sun Apr 23 20:10:43 2017 +0200
tree574a022d1f50d0a823a6ac52884a37a25ee6fcf7
parent2c9855d7538dd1ff940b4e7ab27d741ca081f975 [diff]
FPII-2974 :[Part 1]Elevation of privilege vulnerability in kernel file system CVE-2016-7097 A-32458736

posix_acl: Clear SGID bit when setting file permissions
When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2).  Fix that.

Change-Id: I951bde052791c196f84f568531c494fec33559fb
References: CVE-2016-7097
14 files changed
tree: 574a022d1f50d0a823a6ac52884a37a25ee6fcf7
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS