On Mon, 5 Jan 2009, David Howells wrote: > Fix a regression in NFSD's permission checking introduced by the credentials > patches. There are two parts to the problem, both in nfsd_setuser(): > > (1) The return value of set_groups() is -ve if in error, not 0, and should be > checked appropriately. 0 indicates success. > > (2) The UID to use for fs accesses is in new->fsuid, not new->uid (which is > 0). This causes CAP_DAC_OVERRIDE to always be set, rather than being > cleared if the UID is anything other than 0 after squashing. > > Reported-by: J. Bruce Fields <bfields@xxxxxxxxxxxx> > Signed-off-by: David Howells <dhowells@xxxxxxxxxx> Acked-by: James Morris <jmorris@xxxxxxxxx> -- James Morris <jmorris@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
