diff options
| author | Ben Hutchings <[email protected]> | 2016-06-22 19:43:35 +0100 |
|---|---|---|
| committer | J. Bruce Fields <[email protected]> | 2016-06-24 12:11:52 -0400 |
| commit | 999653786df6954a31044528ac3f7a5dadca08f4 (patch) | |
| tree | 1591ca7fc7acbd0128b33701516f85276ad8ff06 /tools/perf/scripts/python/call-graph-from-postgresql.py | |
| parent | 485e71e8fb6356c08c7fc6bcce4bf02c9a9a663f (diff) | |
nfsd: check permissions when setting ACLs
Use set_posix_acl, which includes proper permission checks, instead of
calling ->set_acl directly. Without this anyone may be able to grant
themselves permissions to a file by setting the ACL.
Lock the inode to make the new checks atomic with respect to set_acl.
(Also, nfsd was the only caller of set_acl not locking the inode, so I
suspect this may fix other races.)
This also simplifies the code, and ensures our ACLs are checked by
posix_acl_valid.
The permission checks and the inode locking were lost with commit
4ac7249e, which changed nfsd to use the set_acl inode operation directly
instead of going through xattr handlers.
Reported-by: David Sinquin <[email protected]>
[[email protected]: use set_posix_acl]
Fixes: 4ac7249e
Cc: Christoph Hellwig <[email protected]>
Cc: Al Viro <[email protected]>
Cc: [email protected]
Signed-off-by: J. Bruce Fields <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-postgresql.py')
0 files changed, 0 insertions, 0 deletions