fs: Avoid premature clearing of capabilities - kernel/linux.git

diff options

author	Jan Kara <jack@suse.cz>	2016-05-26 18:21:32 +0300
committer	Ben Hutchings <ben@decadent.org.uk>	2016-11-20 04:17:38 +0300
commit	3418703a9d04fa65f993e89a3fa6bfeed3c1fe7c (patch)
tree	baeefd64bdda2633edca67ceb20bef0e7e4a4760 /fs/reiserfs
parent	be9df699432235753c3824b0f5a27d46de7fdc9e (diff)
download	linux-3418703a9d04fa65f993e89a3fa6bfeed3c1fe7c.tar.xz

fs: Avoid premature clearing of capabilities

commit 030b533c4fd4d2ec3402363323de4bb2983c9cee upstream. Currently, notify_change() clears capabilities or IMA attributes by calling security_inode_killpriv() before calling into ->setattr. Thus it happens before any other permission checks in inode_change_ok() and user is thus allowed to trigger clearing of capabilities or IMA attributes for any file he can look up e.g. by calling chown for that file. This is unexpected and can lead to user DoSing a system. Fix the problem by calling security_inode_killpriv() at the end of inode_change_ok() instead of from notify_change(). At that moment we are sure user has permissions to do the requested change. References: CVE-2015-1350 Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

Diffstat (limited to 'fs/reiserfs')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: