From 0a63dca5ae2f975e08deae7e6c743a477af04367 Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher Date: Tue, 20 Dec 2005 16:29:05 +0100 Subject: [PATCH] setting ACLs on readonly mounted NFS filesystems (CVE-2005-3623) We must check for MAY_SATTR before setting acls, which includes checking for read-only exports: the lower-level setxattr operation that eventually sets the acl cannot check export-level restrictions. Bug reported by Martin Walter . Signed-off-by: Andreas Gruenbacher Signed-off-by: Greg Kroah-Hartman --- fs/nfsd/nfs2acl.c | 2 +- fs/nfsd/nfs3acl.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c index 7cbf0682b2f0..fc95c4df6693 100644 --- a/fs/nfsd/nfs2acl.c +++ b/fs/nfsd/nfs2acl.c @@ -107,7 +107,7 @@ static int nfsacld_proc_setacl(struct svc_rqst * rqstp, dprintk("nfsd: SETACL(2acl) %s\n", SVCFH_fmt(&argp->fh)); fh = fh_copy(&resp->fh, &argp->fh); - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP); + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR); if (!nfserr) { nfserr = nfserrno( nfsd_set_posix_acl( diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c index 64ba40572fea..16e10c170aed 100644 --- a/fs/nfsd/nfs3acl.c +++ b/fs/nfsd/nfs3acl.c @@ -101,7 +101,7 @@ static int nfsd3_proc_setacl(struct svc_rqst * rqstp, int nfserr = 0; fh = fh_copy(&resp->fh, &argp->fh); - nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_NOP); + nfserr = fh_verify(rqstp, &resp->fh, 0, MAY_SATTR); if (!nfserr) { nfserr = nfserrno( nfsd_set_posix_acl( -- cgit v1.2.3