summaryrefslogtreecommitdiff
path: root/fs/orangefs/acl.c
AgeCommit message (Collapse)Author
2016-09-22posix_acl: Clear SGID bit when setting file permissionsJan Kara
When file permissions are modified via chmod(2) and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod(2). Fix that. References: CVE-2016-7097 Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
2016-07-05orangefs: Remove useless xattr prefix argumentsAndreas Gruenbacher
Mike, On Fri, Jun 3, 2016 at 9:44 PM, Mike Marshall <hubcap@omnibond.com> wrote: > We use the return value in this one line you changed, our userspace code gets > ill when we send it (-ENOMEM +1) as a key length... ah, my mistake. Here's a fixed version. Thanks, Andreas Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2016-07-05orangefs: Remove useless definesAndreas Gruenbacher
The ORANGEFS_XATTR_INDEX_ defines are unused; the ORANGEFS_XATTR_NAME_ defines only obfuscate the code. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2015-12-04Orangefs: change pvfs2 filenames to orangefsMike Marshall
Also changed references within source files that referred to header files whose names had changed. Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2015-12-03OrangeFS: Change almost all instances of the string PVFS2 to OrangeFS.Yi Liu
OrangeFS was formerly known as PVFS2 and retains the name in many places. I leave the device /dev/pvfs2-req since this affects userspace. I leave the filesystem type pvfs2 since this affects userspace. Further the OrangeFS sysint library reads fstab for an entry of type pvfs2 independently of kernel mounts. I leave extended attribute keys user.pvfs2 and system.pvfs2 as the sysint library understands these. I leave references to userspace binaries still named pvfs2. I leave the filenames. Signed-off-by: Yi Liu <yi9@clemson.edu> [martin@omnibond.com: clairify above constraints and merge] Signed-off-by: Martin Brandenburg <martin@omnibond.com> Signed-off-by: Mike Marshall <hubcap@omnibond.com>
2015-10-03Orangefs: kernel client part 2Mike Marshall
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-08 11:59:32 +0000