On Tue 20-09-16 09:13:24, Christoph Hellwig wrote: > On Mon, Sep 19, 2016 at 05:42:48PM +0200, Jan Kara wrote: > > When file permissions are modified via chmod(2) and the user is not in > > the owning group or capable of CAP_FSETID, the setgid bit is cleared in > > inode_change_ok(). Setting a POSIX ACL via setxattr(2) sets the file > > permissions as well as the new ACL, but doesn't clear the setgid bit in > > a similar way; this allows to bypass the check in chmod(2). Fix that. > > Looks good: > > Reviewed-by: Christoph Hellwig <hch@xxxxxx> Thanks for review. > (although I would have split it into a refactor patch and the actual > fix for clearing the suid bit) Yeah, it would have been better but I don't think it would help to redo the patch at this point. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
