From: Gu Zheng
To: Jan Kara
Subject: Re: [PATCH] tmpfs: clear S_ISGID when setting posix ACLs
Date: Mon, 9 Jan 2017 09:26:58 +0800
Message-ID: <5872E6E2.6020509@huawei.com>
In-Reply-To: <20170106101025.GA3533@quack2.suse.cz>

Thanks, I will update it.

On 2017/1/6 18:10, Jan Kara wrote:
> On Fri 06-01-17 16:12:55, Gu Zheng wrote:
>> The tmpfs modification was missed in CVE-2016-7097
>> commit 073931017b49d9458aa351605b43a7e34598caef
>> posix_acl: Clear SGID bit when setting file permissions.
>> It can be tested by xfstest generic/375, which failed to clear
>> setgid bit in the following test case on tmpfs:
>>
>> touch $testfile
>> chown 100:100 $testfile
>> chmod 2755 $testfile
>> _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile
>>
>> Signed-off-by: Gu Zheng
>
> Ah, good catch. One comment below:
> >> diff --git a/fs/posix_acl.c b/fs/posix_acl.c >> index 5955220..d014dff 100644 >> --- a/fs/posix_acl.c >> +++ b/fs/posix_acl.c >> @@ -922,11 +922,10 @@ int simple_set_acl(struct inode *inode, struct posix_acl *acl, int type) >> int error; >> >> if (type == ACL_TYPE_ACCESS) { >> - error = posix_acl_equiv_mode(acl, &inode->i_mode); >> - if (error < 0) >> - return 0; >> - if (error == 0) >> - acl = NULL; >> + error = posix_acl_update_mode(inode, >> + &inode->i_mode, &acl); >> + if (error > 0) >> + return error; > > Uh, why this error > 0 check? AFAIU it should be: > > if (error < 0) > return 0; > > As it used to be before... > > Honza >
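Review bot: the `if (error > 0) return error;` check after the new posix_acl_update_mode() call inverts the condition the removed lines used (`if (error < 0) return 0;`), so a negative return from the helper is no longer caught and simple_set_acl() carries on past this block. Handle the negative case as the old code did, or propagate it with `return error;` and say so in the changelog. The changelog should also state that the removed `if (error == 0) acl = NULL;` branch is expected to be covered by passing `&acl` to the helper.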
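The outcome generic/375 checks for in the test case quoted above, as an added userspace model that is not code from the patch or the kernel. The function names are hypothetical, and the rule is simplified on assumption to a single caller gid and a boolean standing in for CAP_FSETID.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>   /* S_ISGID */
#include <sys/types.h>  /* mode_t, gid_t */

/* A minimal ACL (only u::, g::, o:: entries) is equivalent to plain mode
 * bits: fold the three rwx triplets (0-7 each) into the permission bits. */
static mode_t fold_minimal_acl(mode_t mode, unsigned u, unsigned g, unsigned o)
{
    return (mode & ~(mode_t)0777) | (mode_t)((u << 6) | (g << 3) | o);
}

/* Pre-patch tmpfs behaviour from the commit message: the mode is rewritten
 * from the ACL and S_ISGID is carried over regardless of the caller. */
mode_t set_acl_unpatched(mode_t mode, unsigned u, unsigned g, unsigned o)
{
    return fold_minimal_acl(mode, u, g, o);
}

/* Assumed model of the CVE-2016-7097 rule: drop S_ISGID unless the caller
 * is in the file's group or is privileged (stand-in for CAP_FSETID). */
mode_t set_acl_patched(mode_t mode, gid_t file_gid, gid_t caller_gid,
                       bool privileged, unsigned u, unsigned g, unsigned o)
{
    mode_t new_mode = fold_minimal_acl(mode, u, g, o);
    if (caller_gid != file_gid && !privileged)
        new_mode &= ~(mode_t)S_ISGID;
    return new_mode;
}

int main(void)
{
    /* Constructed from the test case: chown 100:100, chmod 2755, then
     * setfacl -m u::rwx,g::rwx,o::rwx run with gid 101. */
    mode_t before = 02755;
    printf("unpatched: %04o\n", (unsigned)set_acl_unpatched(before, 7, 7, 7));
    printf("patched:   %04o\n",
           (unsigned)set_acl_patched(before, 100, 101, false, 7, 7, 7));
    printf("in group:  %04o\n",
           (unsigned)set_acl_patched(before, 100, 100, false, 7, 7, 7));
    return 0;
}
```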