• Ben Hutchings's avatar
    nfsd: check permissions when setting ACLs · 24ae40c9
    Ben Hutchings authored
    commit 99965378 upstream.
    
    Use set_posix_acl, which includes proper permission checks, instead of
    calling ->set_acl directly.  Without this anyone may be able to grant
    themselves permissions to a file by setting the ACL.
    
    Lock the inode to make the new checks atomic with respect to set_acl.
    (Also, nfsd was the only caller of set_acl not locking the inode, so I
    suspect this may fix other races.)
    
    This also simplifies the code, and ensures our ACLs are checked by
    posix_acl_valid.
    
    The permission checks and the inode locking were lost with commit
    4ac7249e, which changed nfsd to use the set_acl inode operation directly
    instead of going through xattr handlers.
    Reported-by: default avatarDavid Sinquin <david@sinquin.eu>
    [agreunba@redhat.com: use set_posix_acl]
    Fixes: 4ac7249e
    Cc: Christoph Hellwig <hch@infradead.org>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
    [carnil: backport for 3.16: adjust context]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    24ae40c9
nfs4acl.c 23.6 KB