diff options
| author | Jan Kara <jack@suse.cz> | 2016-05-26 17:21:32 +0200 |
|---|---|---|
| committer | Jan Kara <jack@suse.cz> | 2016-09-22 10:56:19 +0200 |
| commit | 030b533c4fd4d2ec3402363323de4bb2983c9cee (patch) | |
| tree | 1c59d4d47df600147f2e90a947cb82c1f57003ba /fs/nfsd | |
| parent | 31051c85b5e2aaaf6315f74c72a732673632a905 (diff) | |
| download | linux-030b533c4fd4d2ec3402363323de4bb2983c9cee.tar.gz | |
fs: Avoid premature clearing of capabilities
Currently, notify_change() clears capabilities or IMA attributes by calling security_inode_killpriv() before calling into ->setattr. Thus it happens before any other permission checks in inode_change_ok() and user is thus allowed to trigger clearing of capabilities or IMA attributes for any file he can look up e.g. by calling chown for that file. This is unexpected and can lead to user DoSing a system. Fix the problem by calling security_inode_killpriv() at the end of inode_change_ok() instead of from notify_change(). At that moment we are sure user has permissions to do the requested change. References: CVE-2015-1350 Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/nfsd')
0 files changed, 0 insertions, 0 deletions