authorGoldwyn Rodrigues <rgoldwyn@suse.com>2018-07-06 12:50:12 -0500
committerGoldwyn Rodrigues <rgoldwyn@suse.com>2018-07-06 12:50:12 -0500
commit1ab36524fad90cbb3552141a5b15d728511cad51 (patch)
tree7aa18da61a328c7a53fbd89b5358330f367dccce
parent3d14f8399d6227106b1cce8972e43fd34908e830 (diff)
Fix up non-directory creation in SGID directories (CVE-2018-13405, bsc#1100416).
-rw-r--r--fs/inode.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/inode.c b/fs/inode.c
index 1599c9e3d39c..94bdfe68bf4e 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -1943,8 +1943,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir,
inode->i_uid = current_fsuid();
if (dir && dir->i_mode & S_ISGID) {
inode->i_gid = dir->i_gid;
+
+ /* Directories are special, and always inherit S_ISGID */
if (S_ISDIR(mode))
mode |= S_ISGID;
+ else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) &&
+ !in_group_p(inode->i_gid) &&
+ !capable_wrt_inode_uidgid(dir, CAP_FSETID))
+ mode &= ~S_ISGID;
} else
inode->i_gid = current_fsgid();
inode->i_mode = mode;
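Review bot: The added `else if` branch carries the whole security decision of this fix but has no comment, while the directory branch just above it got one. I would add a comment above it such as `/* Non-directories: drop S_ISGID unless the creator is in the directory's group or has CAP_FSETID */`. The comment should also say why `S_IXGRP` is part of the test: setgid without group-execute is left untouched, presumably because that combination denotes mandatory locking rather than a setgid executable, which is worth confirming. The check only protects create paths that call inode_init_owner(), so any filesystem that assigns `i_gid` and `i_mode` itself would need the same test, which cannot be verified from this hunk. The function body starts before and continues after the hunk.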