iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14a1e067b4
linux/fs/nfsd
History
Ben Hutchings 999653786d nfsd: check permissions when setting ACLs 
Use set_posix_acl, which includes proper permission checks, instead of
calling ->set_acl directly.  Without this anyone may be able to grant
themselves permissions to a file by setting the ACL.

Lock the inode to make the new checks atomic with respect to set_acl.
(Also, nfsd was the only caller of set_acl not locking the inode, so I
suspect this may fix other races.)

This also simplifies the code, and ensures our ACLs are checked by
posix_acl_valid.

The permission checks and the inode locking were lost with commit
4ac7249e, which changed nfsd to use the set_acl inode operation directly
instead of going through xattr handlers.

Reported-by: David Sinquin <david@sinquin.eu>
[agreunba@redhat.com: use set_posix_acl]
Fixes: 4ac7249e
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2016-06-24 12:11:52 -04:00
..
acl.h nfsd4: remove nfs4_acl_new 2014-07-08 17:14:27 -04:00
auth.c nfsd: silence sparse warning about accessing credentials 2014-07-17 16:15:35 -04:00
auth.h
blocklayout.c nfsd: Fix NFSD_MDS_PR_KEY on 32-bit by adding ULL postfix 2016-06-14 11:50:04 -04:00
blocklayoutxdr.c nfsd: better layoutupdate bounds-checking 2016-03-22 14:39:35 -04:00
blocklayoutxdr.h nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
cache.h nfsd: Remove the cache_hash list 2014-08-17 12:00:12 -04:00
current_stateid.h
export.c sunrpc/nfsd: Remove redundant code by exports seq_operations functions 2015-08-13 08:59:02 -04:00
export.h nfsd: include linux/nfs4.h in export.h 2015-08-13 10:21:21 -04:00
fault_inject.c nfsd: remove old fault injection infrastructure 2014-08-05 10:55:10 -04:00
idmap.h nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
Kconfig nfsd: block and scsi layout drivers need to depend on CONFIG_BLOCK 2016-03-18 11:42:54 -04:00
lockd.c lockd: constify nlmsvc_binding structure 2016-01-07 10:10:50 -05:00
Makefile nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
netns.h nfsd: recover: constify nfsd4_client_tracking_ops structures 2015-11-23 12:15:30 -07:00
nfs2acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs3acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs3proc.c don't bother with ->d_inode->i_sb - it's always equal to ->d_sb 2016-04-10 17:11:51 -04:00
nfs3xdr.c A very quiet cycle for nfsd, mainly just an RDMA update from Chuck Lever. 2016-05-24 14:39:20 -07:00
nfs4acl.c nfsd: check permissions when setting ACLs 2016-06-24 12:11:52 -04:00
nfs4callback.c nfsd4/rpc: move backchannel create logic into rpc code 2016-06-15 10:32:25 -04:00
nfs4idmap.c nfsd: Remove duplicate define of IDMAP_NAMESZ/IDMAP_TYPE_xx 2015-07-20 14:58:46 -04:00
nfs4layouts.c nfsd: handle seqid wraparound in nfsd4_preprocess_layout_stateid 2016-05-13 15:34:47 -04:00
nfs4proc.c nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
nfs4recover.c Various bugfixes, a RDMA update from Chuck Lever, and support for a new 2016-03-24 10:41:00 -07:00
nfs4state.c nfsd: Make init_open_stateid() a bit more whole 2016-06-15 22:03:53 -04:00
nfs4xdr.c nfsd: use short read as well as i_size to set eof 2016-03-23 16:02:39 -04:00
nfscache.c nfsd: remove recurring workqueue job to clean DRC 2015-11-10 09:25:51 -05:00
nfsctl.c nfsd: fix nsfd startup race triggering BUG_ON 2015-04-21 16:16:03 -04:00
nfsd.h nfsd: eliminate NFSD_DEBUG 2015-04-21 16:16:02 -04:00
nfsfh.c don't bother with ->d_inode->i_sb - it's always equal to ->d_sb 2016-04-10 17:11:51 -04:00
nfsfh.h wrappers for ->i_mutex access 2016-01-22 18:04:28 -05:00
nfsproc.c nfsd: Disable NFSv2 timestamp workaround for NFSv3+ 2015-05-29 11:04:01 -04:00
nfssvc.c nfsd: Fix nfsd leaks sunrpc module references 2016-01-07 10:10:51 -05:00
nfsxdr.c VFS: normal filesystems (and lustre): d_inode() annotations 2015-04-15 15:06:57 -04:00
pnfs.h nfsd: add SCSI layout support 2016-03-18 11:42:53 -04:00
state.h nfsd: Always lock state exclusively. 2016-06-15 22:03:31 -04:00
stats.c nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
stats.h nfsd: move <linux/nfsd/stats.h> to fs/nfsd 2014-05-06 17:54:55 -04:00
trace.c nfsd: move include of state.h from trace.c to trace.h 2015-10-23 15:57:29 -04:00
trace.h nfsd: add new io class tracepoint 2016-01-14 17:32:51 -05:00
vfs.c nfsd: use RWF_SYNC 2016-05-01 19:58:39 -04:00
vfs.h nfsd: use short read as well as i_size to set eof 2016-03-23 16:02:39 -04:00
xdr3.h
xdr4.h nfsd: implement the NFSv4.2 CLONE operation 2015-12-07 23:12:00 -05:00
xdr4cb.h nfsd: implement pNFS layout recalls 2015-02-02 18:09:43 +01:00
xdr.h