mirror of https://github.com/samba-team/samba.git synced 2025-01-10 01:18:15 +03:00

CVE-2020-25720 s4:ntvfs: Use se_file_access_check() to check file access rights

se_access_check() will be changed in a following commit to remove the
implicit WRITE_DAC right that comes with being the owner of an object.
We want to keep this implicit right for file access, and by using
se_file_access_check() we can preserve the existing behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton 2022-09-05 14:53:26 +12:00 committed by Andrew Bartlett
parent 6dc6ca56bd
commit 72b8e98252

@ -670,7 +670,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
}
/* check the acl against the required access mask */
status = se_access_check(sd, token, *access_mask, access_mask);
status = se_file_access_check(sd, token, false, *access_mask, access_mask);
talloc_free(acl);
/* if we used a NT acl, then allow access override if the
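
Review bot: the bare `false` passed as the third argument to se_file_access_check() in pvfs_access_check() does not explain itself at the call site, and the unchanged comment above it ("check the acl against the required access mask") gives no hint that the file variant was chosen on purpose. Since the commit message says the point is to keep the owner's implicit WRITE_DAC for file access once se_access_check() drops it, I would extend that comment to say so and to name what the `false` argument selects, so that a later cleanup does not switch the call back to se_access_check() and silently change who can rewrite a file's DACL.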