Date: Fri, 26 Aug 2016 05:05:11 -0400 (EDT) From: Vladis Dronov <vdronov@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit Hello, We would like to ask for a CVE-ID for the following securuty flaw. When file permissions are modified via chmod(2) and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod(2). A proposed fix: http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2 Initial discussion: http://www.spinics.net/lists/linux-fsdevel/msg98328.html Red Hat security Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1368938 The fix is not yet accepted to the Linux kernel upstream. Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.