Date: Fri, 26 Aug 2016 05:05:11 -0400 (EDT)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit

Hello,

We would like to ask for a CVE-ID for the following security flaw.

When file permissions are modified via chmod(2) and the user is not in
the owning group or capable of CAP_FSETID, the setgid bit is cleared in
inode_change_ok().  Setting a POSIX ACL via setxattr(2) sets the file
permissions as well as the new ACL, but doesn't clear the setgid bit in
a similar way; this allows bypassing the check in chmod(2).

A proposed fix:
http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2

Initial discussion:
http://www.spinics.net/lists/linux-fsdevel/msg98328.html

Red Hat security Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1368938

The fix is not yet accepted to the Linux kernel upstream.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
