From patchwork Thu May 26 15:02:48 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Kara X-Patchwork-Id: 9137067 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C4DF2607D3 for ; Thu, 26 May 2016 15:02:57 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B903027D10 for ; Thu, 26 May 2016 15:02:57 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id ADDB2282E8; Thu, 26 May 2016 15:02:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 67BBF27D10 for ; Thu, 26 May 2016 15:02:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753925AbcEZPCz (ORCPT ); Thu, 26 May 2016 11:02:55 -0400 Received: from mx2.suse.de ([195.135.220.15]:48122 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753876AbcEZPCy (ORCPT ); Thu, 26 May 2016 11:02:54 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id B653FAABC; Thu, 26 May 2016 15:02:52 +0000 (UTC) Received: by quack2.suse.cz (Postfix, from userid 1000) id 398B11E0734; Thu, 26 May 2016 17:02:52 +0200 (CEST) From: Jan Kara To: Al Viro Cc: linux-fsdevel@vger.kernel.org, Andreas Gruenbacher , Jan Kara Subject: [PATCH 2/2] posix_acl: Clear SGID bit when modifying file permissions Date: Thu, 26 May 2016 17:02:48 +0200 Message-Id: <1464274968-31182-2-git-send-email-jack@suse.cz> X-Mailer: git-send-email 2.6.6 In-Reply-To: <1464274968-31182-1-git-send-email-jack@suse.cz> References: <1464274968-31182-1-git-send-email-jack@suse.cz> Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When file permissions are modified via chmod(2) and the user modifying the permissions is not capable of setting SGID bit for the file, the bit gets cleared in inode_change_ok(). However this is not the case when file permissions get modified via setfacl(1). Add clearing of SGID bit to posix_acl_equiv_mode(). Signed-off-by: Jan Kara --- fs/posix_acl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/posix_acl.c b/fs/posix_acl.c index 0a7c5119ed8d..d714b9216418 100644 --- a/fs/posix_acl.c +++ b/fs/posix_acl.c @@ -311,8 +311,12 @@ posix_acl_equiv_mode(struct inode *inode, const struct posix_acl *acl, return -EINVAL; } } - if (mode_p) + if (mode_p) { + if (!in_group_p(inode->i_gid) && + !capable_wrt_inode_uidgid(inode, CAP_FSETID)) + *mode_p &= ~S_ISGID; *mode_p = (*mode_p & ~S_IRWXUGO) | mode; + } return not_equiv; } EXPORT_SYMBOL(posix_acl_equiv_mode);