On Wed, Jun 01, 2022 at 01:45:40PM +0300, Amir Goldstein wrote:
> From: Christoph Hellwig <hch@xxxxxx>
>
> commit 01ea173e103edd5ec41acec65b9261b87e123fc2 upstream.
>
> XFS always inherits the SGID bit if it is set on the parent inode, while
> the generic inode_init_owner does not do this in a few cases where it can
> create a possible security problem, see commit 0fa3ecd87848
> ("Fix up non-directory creation in SGID directories") for details.

inode_init_owner() introduces a bunch more SGID problems because it
strips the SGID bit from the mode passed to it, but all the code outside
it still sees the SGID bit set. IIRC, that means we do the wrong thing
when ACLs are present.

IIRC, there's an LTP test for this CVE now, and it also has a variant
which uses ACLs and that fails too....

I'm kinda wary about mentioning a security fix and then not backporting
the entire set of fixes the CVE requires in the same patchset. I have no
idea what the status of the VFS level fixes that are needed to fix this
properly is - I thought they were done and reviewed, but they don't
appear to be in 5.19 yet.

Cheers,

Dave.
-- 
Dave Chinner
david@xxxxxxxxxxxxx