Home| summaryrefslogtreecommitdiff |
diff options
| author | Goldwyn Rodrigues <rgoldwyn@suse.com> | 2018-07-06 12:50:12 -0500 |
|---|---|---|
| committer | Goldwyn Rodrigues <rgoldwyn@suse.com> | 2018-07-06 12:50:12 -0500 |
| commit | 1ab36524fad90cbb3552141a5b15d728511cad51 (patch) | |
| tree | 7aa18da61a328c7a53fbd89b5358330f367dccce | |
| parent | 3d14f8399d6227106b1cce8972e43fd34908e830 (diff) | |
Fix up non-directory creation in SGID directories (CVE-2018-13405, bsc#1100416).
suse-commit: d1314725964bd66928b1d181f018059387f118fe
| -rw-r--r-- | fs/inode.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/fs/inode.c b/fs/inode.c index 1599c9e3d39c..94bdfe68bf4e 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1943,8 +1943,14 @@ void inode_init_owner(struct inode *inode, const struct inode *dir, inode->i_uid = current_fsuid(); if (dir && dir->i_mode & S_ISGID) { inode->i_gid = dir->i_gid; + + /* Directories are special, and always inherit S_ISGID */ if (S_ISDIR(mode)) mode |= S_ISGID; + else if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP) && + !in_group_p(inode->i_gid) && + !capable_wrt_inode_uidgid(dir, CAP_FSETID)) + mode &= ~S_ISGID; } else inode->i_gid = current_fsgid(); inode->i_mode = mode; |