aboutsummaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorAndreas Gruenbacher <agruen@suse.de>2005-12-20 16:29:05 +0100
committerGreg Kroah-Hartman <gregkh@suse.de>2005-12-26 16:08:59 -0800
commit0a63dca5ae2f975e08deae7e6c743a477af04367 (patch)
treeea4159295a732a277b99ae4960a1575ef600e6a7 /fs
parent841f70676036b309f7102e2c8024dc68c3946990 (diff)
[PATCH] setting ACLs on readonly mounted NFS filesystems (CVE-2005-3623)
We must check for MAY_SATTR before setting acls, which includes checking for read-only exports: the lower-level setxattr operation that eventually sets the acl cannot check export-level restrictions. Bug reported by Martin Walter <mawa@uni-freiburg.de>. Signed-off-by: Andreas Gruenbacher <agruen@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs')
-rw-r--r--fs/nfsd/nfs2acl.c2
-rw-r--r--fs/nfsd/nfs3acl.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
index 7cbf0682b2f..fc95c4df669 100644
--- a/fs/nfsd/nfs2acl.c
+++ b/fs/nfsd/nfs2acl.c
@@ -107,7 +107,7 @@ static int nfsacld_proc_setacl(struct svc_rqst * rqstp,
dprintk("nfsd: SETACL(2acl) %s\n", SVCFH_fmt(&argp->fh));
fh = fh_copy(&resp->fh, &argp->fh);
- nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
+ nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR);
if (!nfserr) {
nfserr = nfserrno( nfsd_set_posix_acl(
diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
index 64ba40572fe..16e10c170ae 100644
--- a/fs/nfsd/nfs3acl.c
+++ b/fs/nfsd/nfs3acl.c
@@ -101,7 +101,7 @@ static int nfsd3_proc_setacl(struct svc_rqst * rqstp,
int nfserr = 0;
fh = fh_copy(&resp->fh, &argp->fh);
- nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP);
+ nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR);
if (!nfserr) {
nfserr = nfserrno( nfsd_set_posix_acl(