Commit Graph

6 Commits

Author SHA1 Message Date
Jan Kara 073931017b posix_acl: Clear SGID bit when setting file permissions
When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows to bypass the check in chmod(2).  Fix that.

References: CVE-2016-7097
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2016-09-22 10:55:32 +02:00
Andreas Gruenbacher d373a712c1 orangefs: Remove useless xattr prefix arguments
Mike,

On Fri, Jun 3, 2016 at 9:44 PM, Mike Marshall <hubcap@omnibond.com> wrote:
> We use the return value in this one line you changed, our userspace code gets
> ill when we send it (-ENOMEM +1) as a key length...

ah, my mistake.  Here's a fixed version.

Thanks,
Andreas

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2016-07-05 15:47:27 -04:00
Andreas Gruenbacher 972a7344fc orangefs: Remove useless defines
The ORANGEFS_XATTR_INDEX_ defines are unused; the ORANGEFS_XATTR_NAME_
defines only obfuscate the code.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2016-07-05 15:47:16 -04:00
Mike Marshall 575e946125 Orangefs: change pvfs2 filenames to orangefs
Also changed references within source files that referred to
header files whose names had changed.

Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2015-12-04 12:56:14 -05:00
Yi Liu 8bb8aefd5a OrangeFS: Change almost all instances of the string PVFS2 to OrangeFS.
OrangeFS was formerly known as PVFS2 and retains the name in many places.

I leave the device /dev/pvfs2-req since this affects userspace.

I leave the filesystem type pvfs2 since this affects userspace. Further
the OrangeFS sysint library reads fstab for an entry of type pvfs2
independently of kernel mounts.

I leave extended attribute keys user.pvfs2 and system.pvfs2 as the
sysint library understands these.

I leave references to userspace binaries still named pvfs2.

I leave the filenames.

Signed-off-by: Yi Liu <yi9@clemson.edu>
[martin@omnibond.com: clairify above constraints and merge]
Signed-off-by: Martin Brandenburg <martin@omnibond.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2015-12-03 14:45:44 -05:00
Mike Marshall 5db11c21a9 Orangefs: kernel client part 2
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2015-10-03 11:39:54 -04:00